November 21, 2016, Mike Browning
For many consumers, after the turkey, stuffing, and football, their Thanksgiving weekend is only just getting started. In 2015, online shoppers filled eCommerce shopping carts with $4.45 billion on Black Friday and Thanksgiving Day. And with Black Friday shoppers poised to exceed those numbers this year, cyber threat actors are looking to carve up a nice big slice of the pie for themselves. According to RiskIQ’s Black Friday eCommerce Blacklist, our research into five leading Black Friday e-tailers, threat actors will do it by leveraging popular eCommerce brands to fool users looking for Black Friday deals, coupons, and mobile apps.
For shoppers, what starts out as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust between them and their customers and prospects—talk about indigestion.
Nearly 30 percent of the massive influx of spend caused by Black Friday and Cyber Monday will take place on mobile devices, and as the New York Times covered earlier this month, even legitimate stores like the Google Play store and the Apple App Store harbor fake and fraudulent mobile apps. These apps use well-known branding to attempt to fool users into entering credit card information, which opens them up to potential financial fraud. Some fake apps contain malware that can steal personal information or lock the device until the user pays a ransom, and others encourage users to log in using their Facebook or Gmail credentials, potentially exposing sensitive personal information.
Fig-1 Blacklisted Black Friday-themed mobile apps inside the RiskIQ Blacklist
But users are susceptible to fraud anywhere on the web, not just mobile. Landing pages that fraudulently use branding to phish for sensitive information or get users to click on links that redirect them to pages that host malware are also prolific.
To analyze the methods threat actors will employ this shopping season and where they’re targeting their malicious efforts, RiskIQ ran a keyword query of our Global Blacklist and mobile app database. In the mobile app space, we looked for instances of the brand names of five of the leading e-tailers in the United States used in malicious and fraudulent mobile apps. In our Global Blacklist, we searched for instances of each brand name appearing alongside the term “Black Friday” in the malicious URL or cause page URL.
The results show that threat actors leverage e-tail brands by name to create malicious mobile apps and landing pages, making Black Friday a feast for them. The report found:
The source of our Blacklists is RiskIQ’s collection of internet data, which our collection architecture of virtual users gathers by scanning, crawling, and passive-sensing the internet—including web pages, mobile apps and stores, and a variety of social websites and apps. RiskIQ’s crawling technology covers more than 300 million mobile devices, 1.8 billion HTTP sessions, 783 global locations across more than 100 countries, 16 million mobile apps, and 300 million domain records.
Download the full report, RiskIQ’s Black Friday eCommerce Blacklist, for more findings as well as ways to keep you and your family safe while shopping online this holiday season.