Black Friday is a big day for shoppers. In 2016, 154 million consumers shopped over Thanksgiving weekend and spent $9.36 billion, a year-over-year increase of 16.4 percent. More than half of that money ($5.27 billion) was spent online. Building on those figures, Black Friday 2017 looks like it will be even bigger than in previous years: Forbes forecasts that consumer spending over the holiday weekend will increase by 47 percent.

Given the amount of money involved, it’s no surprise that threat actors prey on shoppers around Black Friday. These bad actors leverage phishing pages, malicious apps and malware to make off with unsuspecting users’ credit card information. They also steal access to people’s email and social media accounts so that they can potentially exfiltrate sensitive information and launch secondary attacks against victims’ family, friends and contacts.

To help protect users this holiday season, RiskIQ ran a keyword query of the RiskIQ Global Blacklist and mobile app database, a tool built on 2 billion daily HTTP requests, 783 global locations across more than 100 countries, 20 million mobile apps, and 300 million domain records. It looked specifically for instances of the brand names of the five leading e-tailer brands in the U.S. that appeared alongside “Black Friday” in blacklisted URLs or cause-pages (pages that send users on to pages hosting malicious resources).

With respect to the mobile platform, the San Francisco-based security firm found that four percent (one in 25) of the 4,356 mobile apps it discovered were blacklisted as malicious. At least 15 of those apps contained both the branded terms and “Black Friday.” Outside the holiday weekend, RiskIQ discovered a combined total of 32,000 blacklisted apps for the five leading brands.
RiskIQ 2017 Black Friday e-Commerce Blacklist (figure, page 2)

Lou Manousos, CEO of RiskIQ, says that malicious actors go to great lengths to conceal their mobile programs’ true functionality:

“Savvy threat actors will use convincing branding, language, and URLs to make their apps and landing pages more realistic and more difficult for users to quickly authenticate. However, many of the schemes that leverage popular brands during the Black Friday season depend on user indiscretion. These blacklisted apps and landing pages are often meant to mimic legitimate ones, but if scrutinized, telltale signs become apparent.”

Manousos notes that users can protect themselves against these malicious apps by downloading programs only from official app stores, looking out for suspicious or inconsistent permissions, taking an app’s good reputation with a grain of salt, and exercising caution around programs created by unknown developers that exhibit poor grammar and spelling errors.

Bad actors don’t limit their “Black Friday”-themed campaigns to mobile, however. In its 2017 keyword search, RiskIQ also found 19,218 cause-page URLs that contained “Black Friday” and 10,175 blacklisted URLs that carried a “Black Friday” theme.
RiskIQ 2017 Black Friday e-Commerce Blacklist (figure, page 3)

Users can protect themselves against these types of web-based threats by verifying the domain of a website, not providing credit card information unless they’re sure they’re on a secure shopping portal, and looking for the “S” in “HTTPS” before they submit any financial or personal information. Note that HTTPS only means the connection is encrypted; a phishing page can use it too, so checking that the domain actually belongs to the retailer is the more important step.

RiskIQ’s CEO feels that brands also have a part to play:

“The onus is now on brands to protect their customers and prospects by making sure that their brand is not being abused across the web and mobile space. It’s crucial that retailers monitor and police the distribution and use of apps and websites using their branding, awareness that requires internet-scale visibility into how their brand is being used across the web and mobile app ecosystem. Aside from making sure there are no blacklisted apps and sites leveraging their brand, businesses should be making known threat campaigns leveraging their brand public as a warning to consumers.”

For advice on how to defend against other digital threats that prey upon users around Black Friday, click here.