Home / About / Threat Intelligence / Shoppers Beware – Avoid being Scammed this Black Friday

Overview

Black Friday, as usual, has attracted unwanted attention from threat actors who are using tactics like bogus gift-card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address.

Impact

“The malware watched a user’s clipboard to find text that matches the normal length of a certain type of cryptocurrency wallet address,”
The scam depends on the victim not noticing that his or her crypto wallet address is on the clipboard when pasting it during the transaction. If successful, the transfer goes to the cybercriminal instead of the intended recipient.

Affected Products

Researchers have been tracking several websites that claim to provide gift card generators. These sites can be particularly misleading because they use well-known brands such as Amazon, Roblox, Google, Xbox and PS5.

One known scam used a gift-card generator to steal cryptocurrency from targets using a file titled “Amazon Gift Tool[.]exe” that was being marketed on a publicly available file repository site as a free Amazon gift card generator.

Mitigations

Don’t download random gift cards and vouchers. If you see websites offering all kinds of discounts on gift cards – be aware that these will turn out to be fakes or have been procured in an illegal way.

Don’t click on website links in an email or text – find them the long way round by typing it into a search engine. Be wary of google ads: scam companies sometimes pay to be at the top of Google’s search engine.

Paying money straight from your account into someone else’s comes with no protection, so do not be persuaded to do so. Where possible use Paypal, Google Pay, or Apple Pay to avoid providing your credit or debit card details to other parties.
– Research the retailer
– Be extra careful on online marketplaces
– Be wary of texts from delivery firms

If you have been a victim of a voucher / gift card scam:
– Report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. If you are in Scotland, contact Police Scotland on 101
– Report it to your relevant bank or payment card provider immediately. You will find out how to do so by looking on their websites.

Things to Look Out For
Watch out for 3 gift card scams this Black Friday:
– Check to make user the URL to the site you think you’re on is legitimate.
– Fake Gift Cards
– Gift Card Generators
– If someone asks you to pay for something by putting money on a gift card, like a Google Play or iTunes card – assume that they’re trying to scam you.

Threat Landscape

Because of the increase of shopper’s scams are extremely rife, threat actors like to take advantage of this. Its important to be wary of pop up that suggest well-known stores, as mentioned before double check the URL and make sure they are who they say they are. It’s always best to go directly to the website as its very easy for scammers to create copycat sites and its becoming increasingly easy for them to do this.

Based on reports to Action Fraud during the Black Friday and Cyber Monday sales, 23 November and 6 December 2020, the goods most associated with scams were: mobile phones (26%) electronics (17%), particularly consoles such as Xbox and PlayStation 5 vehicles (10%) clothing and footwear (8%) – this is not a surprise since the same brands are being used to scam people this year.

MITRE Methodologies

T1566 – Phishing

Further Information

New Twists on Gift-Card Scams Flourish on Black Friday | Threatpost
Black Friday: how to avoid scams when shopping for deals | Scams | The Guardian
Black Friday scam alert: how to shop safely – Which? News