Recorded Future - Rise in Retail-Focused Phishing Campaigns During Pandemic

As people around the world have had to stay home because of the COVID-19 pandemic, there has been a noted increase in online shopping. Whether that shopping is in the form of meal delivery, grocery shopping, or buying household items, people are relying on online services more than ever before. Unfortunately, this also appears to have led to a significant increase in phishing and typosquatting campaigns targeting retail organizations.

As the image below demonstrates, there has been a significant increase in the number of phishing campaigns in the first half of this year. A small part of the increase can be attributed to better collection capabilities than in 2019, but the majority of the increase is because of an increase in activity. Note the increase in retail-focused phishing campaigns in December of 2019, which is consistent with expected phishing activity associated with the Christmas holiday. Normally, there is a steep dropoff in this activity starting in January, but that did not occur.

Recorded Future Timeline

Noticeable rise in recent phishing campaigns compared to May of 2019.

To put the numbers in context, from March 1 through April 30 of 2020, Recorded Future tracked 7,934 retail-focused phishing campaigns, versus 4,319 in 2019 — an 83% increase in campaigns.

Typosquatting Campaigns

In addition to the rapid increase in phishing campaigns, there has also been a rise in typosquatting domains — domains designed to look like famous retail brands to either create fake online stores or use as part of a phishing campaign. As expected, top retail brands are the most heavily targeted using this tactic.

For example, Recorded Future noted 163 registered domains or subdomains registered from March 1 through April 30 pretending to be related to Amazon. Some of the malicious domains are designed to be used as fake websites, such as mail[.]amazon-login[.]online, while others are designed to be embedded in phishing emails, such as amazon-payment-declineds[.]theworkpc[.]com. Of course, Amazon is not the only major brand being heavily targeted right now — most of the major retail companies have seen a spike in domain registrations targeting their brand.

As Recorded Future has discussed previously, threat actors behind phishing campaigns are quick to adapt to changing situations. These threat actors are aware that more people are ordering delivery, so they have also targeted food delivery services. There were more than 40 malicious domains registered that were similar to Grubhub during the same period, and more than 70 that were similar to DoorDash. The grocery sector was also heavily targeted during this same period, with more than 150 typosquatted domains mimicking Kroger, 50 registered domains similar to Aldi, and more than 50 mimicking Publix.

Luxury brands have also been targeted during this period, with more than 400 Rolex typosquatted domains registered, and over 250 Macy’s typosquatted domains.

Closing Thoughts

The actors behind these phishing and typosquatting campaigns are very aware of what is happening in the world and they design their campaigns to prey on the things that are of greatest concern to their potential victims. Unfortunately, it is necessary to remain vigilant of even legitimate looking emails to ensure you are not giving your financial information to the wrong person.

Ready to take action? Download Recorded Future Express, our free browser extension, to start protecting your organization against phishing and typosquatting campaigns today.

The post Rise in Retail-Focused Phishing Campaigns During Pandemic appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/pandemic-retail-phishing-campaigns/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more