Thursday, November 14, 2024

Buyer Beware: New Malwarebytes Research Reveals Holiday Shopping Scams Involving PlayStation, Amazon, Walmart, and Temu

Must read

Fake websites, too-good-to-be-true deals, and a steady uptick in malvertising in advance of holiday shopping season

SANTA CLARA, Calif., Nov. 13, 2024 /PRNewswire/ — Malwarebytes, a global leader in real-time cyber protection, released new research revealing a slew of holiday-themed scams aimed at consumers this holiday shopping season. The scams involve popular gift-gifting categories, including gaming systems and gift cards, shopping platforms such as Amazon, and shipping services like USPS. Researchers also revealed a 41% uptick in malvertising, or malicious advertising, leading into Black Friday and Cyber Monday.

The ease and convenience of online shopping has shifted attitudes over the past few years with consumers spending $1.243 trillion online in 2023. While web browsers are the doorway to internet activity and specifically shopping, buyers should be aware that it’s also a convenient platform for fraud. Over the last five years, the Internet Crime Complaint Center (IC3) says it’s received 3.79 million complaints for a wide range of internet scams which resulted in $37.4 billion in losses.

“Web-based attacks are the new frontier for hackers,” said Mark Beare, GM of the Consumer Business Unit, Malwarebytes. “For years, attackers needed to get on your desktop to access files or private information. Today, most consumers readily enter and store passwords, credit card numbers, home addresses, and a list of other personal information into browsers and websites. It’s become a playground for criminals looking to make big money. While many consumers think they’re not a target, I caution that it’s not about you—it’s about you at scale.”

“I find the range and quality of brands being spoofed most alarming,” said Jérôme Segura, Senior Director of Threat Intelligence, Malwarebytes. “Criminals are investing money and leveraging AI tools to create very believable fake websites, shopping cart checkout pages, and scams. I urge consumers to avoid any sponsored ad links, be wary of where they enter information, and use browser protection tools to help stop credit card skimming, a truly silent threat.”

Malvertising on the rise

Malvertising, or malicious advertising, has seen a steady uptick leading into the holiday shopping season. Most malvertising hides in sponsored ads, making it especially pernicious for those browsing on mobile devices.

Last fall, Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the US. This year, researchers saw a similar uptick, with a 41% increase from July to Sept.

No brand is safe, including Google. Threat researchers tracked malvertising campaigns that spoof Google, Walmart, Disney+, Lowe’s, Apple–and even Malwarebytes.

Most (77%) of advertiser accounts used in malvertising campaigns are used once only, created quickly and then burned. Once that account is dead, cybercriminals spin up the next one and so on.

The bulk of accounts being used maliciously are based in the US due to a combination of fake identities and hijacked accounts. However, advertisers originating in a few regions, Pakistan and Vietnam, account for 90% of the fraud.

How to avoid online scams this holiday season

When using the internet, regardless of your device, keep these tips in mind.

  • Avoid clicking on sponsored ads: Conduct a direct search for your retailer of choice to avoid falling prey to prevalent malvertising tactics which have been known to spoof even huge, reputable brands such as Amazon.
  • Consider a Password Manager and MFA: With every site requiring a password these days, leverage a password manager to protect your payment information and set up multi-factor authentication where available.
  • Keep an eye on your financial statements: An uptick in online shopping deserves an uptick in your vigilance for checking online bank accounts, credit card statements, investment portfolios—any financial account data. Flag anything that seems suspicious for quick resolution. Also consider investing in an identity theft protection solution.
  • Run an antivirus solution: Most antivirus products offer some kind of web protection that detects malicious domains and IP addresses, including Malwarebytes Premium which offers web and phishing protection.
  • Use Malwarebytes Browser Guard: A free browser extension for Chrome, Edge, Firefox, and Safari that blocks scams, ads, trackers, and other types of malware. It stops users from going onto phishing sites, entering information into unsafe domains and downloading malware. It also blocks web trojans and credit card skimmers.
  • Clean up your personal data online: Mitigate risk by cleaning up publicly available personally identifiable data and see what’s for sale on the dark web. Anyone can check what information is already available about you on the dark web with the Malwarebytes free Digital Footprint scan or take the first step in removing your personal information from the network of data brokers online with a Personal Data Remover scan.
  • Remember: If it’s too good to be true then it probably is. Discounted items are tempting, especially at a time of year when lots of spending takes place, but these often amount to nothing. Instead, research the best deal at reputable retailers.

To read more about the latest threats and cyber protection strategies, visit the Malwarebytes blog, or follow us on Facebook, InstagramLinkedInTikTok, and X.

About Malwarebytes

Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. Built on decades of experience as the last resort to find and eradicate the latest malware, Malwarebytes is now trusted by millions of individuals and organizations to stop threats at each stage of the attack lifecycle, secure digital identities and safeguard data and privacy. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit  https://www.malwarebytes.com.

Malwarebytes Media Contact: 
Ashley Stewart
Director of Public and Analyst Relations
[email protected] 

SOURCE Malwarebytes

WANT YOUR COMPANY’S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3

440k+
Newsrooms &
Influencers

icon1

9k+
Digital Media
Outlets

icon2

270k+
Journalists
Opted In

Latest article