- 블로그 | 정치적 격동기에 IT 리더가 할 수 있는 역할
- 완전 자율 주행 자동차가 관광 산업에도 영향··· 웨이모, ‘2025 관광 영향 보고서’ 발간
- European cloud group invests to create what it dubs “Trump-proof cloud services”
- The OnePlus 12 is still a powerhouse in 2025 - and it's on sale for a limited time
- The 110+ best Amazon Spring Sale tech deals still live
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban.
The hackers craft enticing emails promising heavy discounts on these luxury products, with the email addresses manipulated to mimic the authenticity of the brands.
Despite the appearance of legitimacy, a closer look reveals that the email origins have no connection to the actual luxury companies, CPR noted.
Once the links within these emails are clicked, victims are led to websites meticulously designed to replicate the official sites of the targeted brands. These fraudulent sites peddle luxury goods at unbelievably discounted prices.
Check Point said that the real danger in the malicious intent behind these sites lies with the fact that they prompt the user to input their account details. This sensitive information then becomes vulnerable to theft by the attackers.
Delivery Sector Continues Leveraged by Cybercriminals
Ahead of the busy online shopping season, CPR also noted how cybercriminals are manipulating the delivery and shipping sectors.
In October 2023, there was a staggering 13% increase in the number of malicious files associated with orders and delivery/shipping compared to October 2022.
Recently, CPR found a campaign of Agent Tesla malware with Archive files delivered as attachments to emails using subjects related to orders and shipments, such as – po-######.gz / shipping documents.gz, luring the victim to download the malicious file.
Be Wary of Phishing Websites
CPR also highlighted examples of phishing websites, which have similar registered information and look similar to each other – offering well-known shoe brands at ridiculous prices.
Cybercriminals have invested significant effort in crafting deceptive websites that closely mimic authentic platforms, CPR noted.
This strategy aims to trick end-users into willingly providing their credentials. URL phishing serves as a pretext for executing credential harvesting attacks, and when executed effectively, it can result in the theft of usernames, passwords, credit card details, and other sensitive personal information.
Particularly, successful instances often prompt users to log in to their email or bank accounts.
