Black Friday scammers use Nike, PlayStation, other brands as bait


With millions of shoppers ready to spend billions, scammers set up traps to cash in on the craze.

Black Friday sales in the US hit a spending record last year, with consumer spending reaching $9 billion. It's unlikely 2021 will be any different. Experts forecast that sales will likely grow by 5%, increasing the total spending to $9.5 billion.

Retailers are not the only ones eager to cash in. Scammers prep fake online sites to trick rushing customers into revealing their financial or other data.

Even though the pandemic restriction has been somewhat eased, Yoav Keren, co-founder, and CEO of BrandShield, an online threat hunting company, think scammers will not be any less eager than they were last year.

ADVERTISEMENT

"While Covid accelerated the shift to online shopping, we don't think this year will be any different than year's past. In fact, we're only seeing fraud activity increase in 2021 as scammers grow ever more sophisticated and cleverer in stealing your personal and financial information," Keren told CyberNews.

Playstationboxstore
An example of a fake website, created to phish for user data. Image by BrandShield.

Price of fame

An analysis by BrandShield shows that in preparation for last years' Black Friday sales, scammers set up numerous fake websites imitating well-known apparel, luxury, and electronic item manufacturers.

After analyzing websites, domain names, and social platforms, researchers found out that from October 2020 to November 2020, PlayStation and Nike were the most targeted brands.

In a single month, domain registrations related to Sony gaming consoles grew by 126%, while the number of domains imitating Nike grew by 87%. Airpods were a close third with an 80% growth in domain registration.

"Any brand can be targeted by fraudsters, the more popular the item, the more likely that consumers will be looking out for deals for those items," Keren told CyberNews.

The analysis shows scammers anticipate that shoppers will look for deals on luxury items as domain registrations related to Louis Vuitton, Rolex, and Fendi increased 78%, 118%, and 67%, respectively.

ADVERTISEMENT

"Luxury items are always attractive to fraudsters because there is the potential to make more money on each scam," Keren explained.

Scammers set up websites for e-commerce sites and well-known retailers to make the most of the spending frenzy. Unsurprisingly, Target (137%), BestBuy (89%), and Costco (141%) were among the most common names fraudsters targeted.

Interestingly, the analysis shows that Target outpaced Walmart (2.5%) in suspicious domain registrations more than 50 to 1, while eBay (155%) outpaced Amazon (16%) nearly 10 to 1.

Stay vigilant

Impersonating major online ecommerce outlets remain key to scammer activity. According to the Federal Trade Commission (FTC), the number of reported Amazon impersonators grew five times from July 2020 to June 2021.

Out of 96,000 reported business impersonators, 35% used Amazon's name to lure victims into their traps. Apple is the second most impersonated company, with 6% of reported scammers pretending to be company representatives.

The FTC reports that 6,000 people lost money to scammers, with total losses at $27 million.

FTC claims that scammers who impersonate Amazon target older adults. Compared to younger adults, people over 60 were over four times as likely to report losing money to an Amazon impersonator.

According to Dave Hatter, a cybersecurity expert at IntrustIT, there are several ways to spot a scam. Here's what you should pay attention to:

ADVERTISEMENT
  1. Stop. Think. Did I actually order the item in question?
  2. Look for misspellings and bad grammar in the email as red flags. As the scammers get better, this is less common.
  3. Mouseover, BUT DO NOT CLICK on the links to see if they actually go to the website the email appears to have come from. If it's not VERY CLEAR that it does, DO NOT CLICK the link.
  4. Be extra vigilant and skeptical.
  5. If you're not sure, or you did order something, go "out-of-band."
  6. Don't click any of the links or call any of the phone numbers (all easily spoofed).
  7. Go to the website that purportedly sent the email by visiting it directly. For example, open a new browser window and go to www.amazon.com, www.target.com, www.walmart.com.
  8. Log in to your account and use the legitimate site to check on any orders you might have.
  9. The same would hold true if the email purportedly came from a shipping company like UPS or FedEx. Go "out-of-band" and visit their site directly to search for the shipping number.

More from CyberNews

Apple sues NSO Group over the use of Pegasus spyware

GoDaddy security breach exposes 1.2 million WordPress users' data

Americans filed 5 million complaints about telemarketing and scam calls

CISA and FBI warn: threat actors don’t take holidays

Holiday phishers switch to phone scams

Subscribe to our newsletter

ADVERTISEMENT