Anastasiya Novikava
Copywriter
Black Friday is famous for big sales and a shopping frenzy. It's also a busy time online, with a record $9.12 billion spent last year, as reported by Adobe Analytics. The trend is global: Salesforce reported worldwide online sales hitting $40 billion.
Yet, alongside this rise in legitimate transactions, there was a notable increase in fraudulent activity, with reported losses from scams associated with Black Friday and Cyber Monday climbing by 22% from the previous year. These statistics don't just reflect consumer zeal for deals; they also underscore the period's vulnerability to cyber threats.
Based on this reality, NordLayer's recent exploration reveals a complex strategy behind the festive frauds that often begin brewing while most still stick to their New Year's resolutions.
The words "Black Friday" might bring images of late-year sales to mind, but for a cybercriminal, January is a prime month for laying the groundwork. During this period, researchers noted a surge in search activity on the dark web, encompassing all Black Friday-related keywords, from hot shopping trends to potential cybersecurity threats.
Carlos Salas, Head of Platform Engineering at NordLayer, illustrates the situation: “The reason behind this early start is the need to establish a network of resources, from stolen personal data to compromised accounts, to facilitate their scams when Black Friday arrives. Criminals also seek to exploit the heightened sense of urgency and excitement surrounding the holiday season to deceive unsuspecting shoppers.”
Surprisingly, the 'Black Friday' keyword spiked in April searches, an unexpected deviation from the usual November interest. The reasons for this springtime surge are unclear, but it's a reminder to stay alert for online dangers all year round, not just during the holiday shopping rush.
'Black Friday' queries are at their lowest in August, but remarkably, they shoot up in September, doubling the volume seen in the previous month.
Black Friday isn't just for November anymore; it's a year-round event where you can always find deals. On the dark web, 'Black Friday' means discounts on things like stolen data and illegal items every day. These places sell lots of subscription services at lower prices, too. Cybercriminals are ready to use this buzz to target both shoppers and companies.
“Black Friday became synonymous with getting great deals, so this keyword is popular year-round. Vendors on the dark web marketplaces know that when a potential customer sees the term ‘Black Friday,’ they will likely be attracted to the idea of saving a coin, regardless of what season it is,” says Salas.
Popular online marketplaces attract threat actors, making retail cybersecurity essential. It's clear that retailers like Amazon, eBay, and Target, with their high online traffic, are primary targets for these attackers.
The data points to a sharp rise in targeted keyword searches for these e-commerce platforms starting early in January. The increase shows that the more well-known a retailer is, the more likely it is to attract attention from potential attackers on the dark web.
For instance, interest in Amazon spiked, with keyword searches climbing over 45% in January, followed by notable upsurges of 15% in May and 13% in March.
The Federal Trade Commission (FTC) in 2022 reported that scams in which people pretend to be from a business took a massive leap, causing a loss of $2.6 billion. Looking back, from mid-2020 to mid-2021, one out of every three complaints about these kinds of scams was about someone pretending to be from Amazon. Last year, the amount of money swindled by fake businesses was $660 million, which is more than the $453 million lost the year before. The FTC hasn't given a breakdown for Amazon scams for 2022 specifically, but it's a fair guess that, given the trend, Amazon impersonators have also become more common.
eBay saw a similar pattern, with dark web keyword searches soaring by 68% in January, while March and April recorded increases of 46% and 19%, respectively.
Target-related searches peaked with a 41% rise in March, a 31% jump in January, and a moderate 15% hike in April.
Each spike in search volume represents more than a consumer trend; it is an opportunity eyed by cybercriminals.
Carlos Salas points out the top five scams to be wary of.
Phishing remains a favored tactic. Fraudulent attempts to gather sensitive information don't take a holiday, especially not on Black Friday.
Phishing scams come to life when cybercriminals buy phishing kits from dark web stores. These all-in-one packages enable setting up websites that look trustworthy but are traps for stealing sensitive data.
Before the generative AI era, phishing emails were somewhat easy to spot due to poor grammar, illogical vocabulary, and bad spelling. Automated defenses and reasonably careful people could pick up such glaring errors easily. But with AI tools, it is now far more likely that a phishing email will appear genuine, leading to more potential victims actually clicking on malicious links.
Imitation may be flattery, but in the cyber world, it's a weapon. Cybercriminals craft convincing copycat websites offering too-good-to-be-true deals to lure in unsuspecting shoppers.
The development of fake websites follows a similar path to phishing scams. Scammers use sophisticated software to clone legitimate websites, which are then hosted on compromised or malicious servers. These counterfeit sites are often used together with phishing emails or advertisements to steal user data or payment information.
Gift cards from third-party vendors may not be as beneficial as they appear. There's a real danger they could be fake or previously drained, rendering your gift worthless.
On the dark web, there are marketplaces and forums where stolen gift card numbers are bought and sold. Scammers also trade tips and tools for cracking the algorithms of gift card numbers, allowing them to generate and sell counterfeit cards.
Be wary of unexpected emails, calls, or messages about orders or deliveries you don’t recognize.
This scam involves creating fake order confirmation emails that appear to come from well-known retailers. These emails are crafted using templates available on dark web markets, complete with logos and branding, and contain links to phishing websites or malware.
According to FTC data, social media ranks as the fifth most common way scammers contact their victims. Of the reported social media scam cases, 61% resulted in financial loss. The median amount that people were scammed out of was $528. Think twice before you click on offers that look too good to be true.
These scams are often centered around fake profiles or compromised accounts. The dark web provides a venue for buying and selling the access credentials to these accounts, as well as software that automates the creation of posts and messages designed to defraud social media users.
The compilation of data was a joint effort with independent experts focused on researching cybersecurity incidents. The team conducted an analysis of the most searched terms related to Black Friday, including popular discussion topics, retail chains, and methods of attack. They conducted their search analysis over a period stretching from September 2022 to August 2023.
The benchmark is based on the average monthly search volume for Black Friday-related scam terms, and variations from this norm were calculated accordingly.
Phishing doesn't come with a neon sign. Treat unexpected emails and messages cautiously, verifying the sender through other channels if necessary.
Ensure that all systems and software are up-to-date with the latest security patches. Think of updates as your digital immune system's vitamins—essential for fending off infection by cybercriminals.
Using personal devices for work can cause trouble. If possible, keep them separate to minimize the risk of cross-contamination.
A common foothold for cybercriminals is a weak password. Opt for complex, unique passwords for each account, and consider a password manager to keep track of them all.
Empower employees and users with knowledge. Regular training sessions can turn the most innocuous user into a vigilant watchkeeper against phishing scams and suspicious links.
The shift to hybrid work models has made the understanding of security threats more important than ever. NordLayer helps businesses adapt by providing advanced solutions for network access and management. Our services are built around the Zero Trust security model, which rigorously verifies every access request, thus enhancing your data protection. Virtual Private Gateways further secure your operations with dedicated servers that encrypt data and offer detailed access management, seamlessly integrating with leading login systems.
NordLayer offers a suite of security features, including a top-quality VPN, multi-factor authentication, and ongoing network monitoring, designed to fit your business needs without additional hardware complexity.
Contact NordLayer today to strengthen your organization's defenses against cyber threats.