Black Friday scammers are turning to low-tech phone scams
Don’t remember ordering that big ticket item online? You probably didn’t
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Scammers have adopted new tactics to ensure the success of their phishing campaigns ahead ofBlack Fridayand this year’s holiday shopping season at a time when consumers have eschewed retail stores in favor ofonline shopping.
According to anew reportfrom the email security companyInky, scammers have stopped including malicious links and attachments in their phishing emails as anti-phishing technology has become much more effective at warding off even the most sophisticated attacks. Instead, they’ve begun crafting emails designed to impersonate big brands likeAmazon, Target and Walmart.
These emails which resemble an order confirmation from an online retailer are harmless when opened and don’t contain anymalwarewhatsoever. However, they do include a phone number that potential victims are instructed to call if they believe the order or shipping confirmation was sent to them by mistake. Receiving an email for items you didn’t buy can be troubling especially if you believe you’ve fallen victim toidentity theft. This creates a sense of urgency and victims often end up calling scammers on their own accord.
If a user does call the number included in one of these emails, someone working for the scammer on the other end of the call will try to extract their payment details and other financial information.
Phone scam threats
Over the summer, Inky saw so many of these emails impersonating retail brands that its engineers created a new threat model called Phone Scam. In the four months since this new threat model was rolled out, the firm detected 24,275 of these attacks targeting its customers and this number has steadily increased with Black Friday andCyber Mondayjust around the corner.
At the same time, these messages are sent using freeemail serviceslike Gmail and Hotmail which makes it much easier for them to pass email authentication protocols likeDMARC. So far Inky has seen scammers use this threat model to impersonate Amazon, PayPal, Target, eBay and other popular online retailers andmobile payment apps.
To avoid falling victim to these Phone Scam email threats, Inky recommends that potential victims carefully inspect the email address, writing and content of these emails to see if they are legitimate. Alternatively, you can also open yourbrowserand head to Amazon, Target or the website of any retailer mentioned in these scams and check your order history to see if you or someone else in your household might have ordered the item you’ve received an order or shipping confirmation for.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Other ways to protect yourself online during this year’s holiday shopping season include installingantivirus softwareon all your devices, using aVPNservice when shopping especially when connected topublic Wi-Fiand using apassword managerto generate and store strong, unique passwords for all of your online accounts.
We’ve also highlighted thebest malware removal software,best endpoint protection softwareandbest firewall
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well
