• by Ray Schultz , Columnist, November 27, 2019

Here’s a development that shouldn’t please anyone in this business: Forbes has published an article by Zak Doffman, founder of security firm Digital Barriers, warning people to be careful about the Black Friday emails they open.

We don’t expect this article will have much impact on the buying public, or on the anticipated haul: RTB House found in a survey that 38% of American consumers will shop online, and confirms findings by eMarketer that overall holiday sales will top $1 trillion. 

Still, while the headline for Doffman’s article says “Black Friday Cyberattacks Soared 275%. Here’s What You Do Now,” the Google search head screams “Why You Should Never Click On a Black Friday Email Deal.” What if it did scare some people away? (A check on Wednesday afternoon shows that Google is now featuring the more neutral headline). 

Not that Doffman is wrong. He bases his opinion on research by the security firm Check Point, showing that visiting ecommerce phishing websites has more than doubled this month over November 2018.

Check Point reports that threat actors will spam out emails using phony domains. For example, a phishing email is now offering a Black Friday discount of up to 80% on Ray-Ban Sunglasses.

Launched on Nov. 7th, this campaign has been sent to thousands of prospective victims.

People who click on the image are brought to a fake Ray-Ban website that uses the lookalike domain: xwrbs[.]com – rbs.

This domain “sounds like something related to Ray Ban Sunglasses but is not related to the authentic Ray Ban site," Check Point notes. In fact, the domain was set up a few days before the campaign was launched.

But let’s continue on the customer — rather, the victim —  journey.

People who fall for the fake offer are promptly led to the payment page. And if they do pay, “the sunglasses will probably never arrive …. or at best, a cheap fake might be delivered if the criminals are very generous. 

Actually, that sounds like an old-fashioned scam, the type that used to proliferate in the mail order field. But once the bad actors have your credit card number, there’s no telling what they might do with it.

Check Point advises consumers to:

1. Verify you are ordering from an authentic company. Google it before you click on any links. 
2. Beware of special offers that are too good to be true. 
3. Watch out for lookalike domains, spelling errors in emails and websites and unfamiliar email senders.

Here’s one more tip: Be careful when shopping for discounted Ray-Bans.