Date: 2020-12-04

New Delhi: Online sales during festival seasons have always been a huge draw for cybercriminals. With this year’s festive sales running longer than before, the attackers had an even wider window of opportunity to target unsuspecting buyers.

Due to Covid-19, more people are now buying online and making online payments, and that has made targeting festive season sales all the more lucrative for attackers. During the October-November festive sales, online stores generated $8.3 billion in gross sales, growing at 65% year-on-year, according to RedSeer, a consulting firm.

Though phishing scams with fake deals and discounts are still the most popular attack vector, threat actors are increasingly targeting buyers after they have made their purchase and are waiting for the shipment to arrive.

According to Check Point Research, shipping- and delivery-related phishing emails in India increased by 2200% in November as compared to the previous months. In comparison, globally, shipping scams increased by 440%. In these scams, threat actors specifically impersonated companies such as Amazon, DHL and FedEx and sent phishing emails to shoppers with made-up messages about order delivery or shipment tracking.

In many of these attacks, the user was asked to sign into their account for verification or confirmation so that attackers could steal their login credentials using a MITM (man-in-the-middle) attack and get into their other accounts.

These attacks were higher in November, as threat actors know that a large number of online shoppers are waiting for their packages and are likely to be more attentive to any shipping-related emails.

“Hackers are going after the entire online shopping experience, before and after you purchase. First, they will send you ‘special offers’ to your inbox from your favourite brands. Then, they will send an email about the delivery of your purchase, even if you bought from a trusted source,” warns Sundar N. Balasubramanian, managing director, India and SAARC, Check Point Software Technologies.

Further, in November, when many online stores were running their Diwali sales for Indian buyers, millions of new bad-bot attacks targeting e-commerce websites were detected by security researchers at Barracuda Networks.

The bot attacks were used by attackers to run distributed denial of service (DDoS) attacks, carry out fraudulent purchases and scan for vulnerabilities in devices or websites they could exploit.

