Il Black Friday is about to arrive, but along with the discounts also comes the risk of phishing attacks e social engineering. The experts are raising the alarm Ermes Browser Securitywhich collected data from last year and cross-referenced it with recent analyses, outlining the forecasts for 2023. Using algorithms artificial intelligence, Ermes constantly analyzes the web to identify potentially counterfeit sites, in order to protect users and their sensitive information. Here are tips to avoid risks during the next discount period.
Black Friday, phishing risk and social engineering: the point of Ermes Browser Security
During events like the Black Friday eh Prime Days of Amazon, there has been an increase in attacks which has reached 400%especially regarding the attacks of spear-phishing. These targeted attacks exploit user interests, creating tailored offers that deceive the recipient.
Such attacks are estimated to be up to 10 times more effective than generic ones, exploiting people’s desires and lack of attention. Hackers exploit the names of computer giantsecommercebut also those of large logistics sites, simulating shipments and deliveries.
Campaigns phishing via SMS or email they aim to intercept highly probable situations during peak periods in commercial activities. A recent example is the 72% increase in targeted attacks on Italian post recorded in September and October. After a peak in attacks in May and July, Ermes detected a decline in September followed by a further increase in October. The reference to the Prime Days of July 2023, with increases equal to 7.5% more in total and +28% on Amazon.
What to expect
The most affected platforms include Amazon, eBay, but also Temu and Shopee, which show constant growth. According to Hermes experts, during the Black Friday 2023a significant increase in attacks is expected phishing, smishing e spoofing. These increasingly sophisticated and personalized attacks are difficult to distinguish from real offers. The use of artificial intelligence, such as ChatGPTto create deceptive messages and websites could make communications even more convincing, without typos or suspicious formats.
The attacks they can take different forms and are increasingly personalized. Among the most common types of attacks we find:
- Smishing: Sending deceptive text messages to your cell phone, often based on urgency and problems that need to be resolved immediately. The sender is often a reliable source to simulate credibility, accompanied by a link for entering sensitive data.
- Phishing via email: theft of sensitive information via infected emails, which simulate real communications from institutions or companies with the aim of inducing users to enter sensitive data on deceptive pages.
- Spoofing: Creating websites that mimic trusted entities, with the intent of tricking users into entering their credentials or sensitive information.
Lorenzo Asuni, CMO of Ermes Cyber Security, explains: “Our predictions are based on real data that we see and analyze every day. It is crucial to educate users to recognize the signs of smishing and spoofing and implement robust security solutions. Companies should strengthen authentication protocols and increase security awareness during sales periods: only in this
in this way it will be possible to counteract the action of hackers who have the possibility at their disposal to perfect their attacks”.
More information on the Ermes Browser Security website.