Avid shoppers scouting for attractive offers this Halloween week are in for a scary experience.
Cybersecurity experts have urged shoppers to exercise restraint, and to read mail ids and URLs carefully.
They have cautioned shoppers about ‘branded phishing’ mails that could trick you into giving away key personal information to hackers.
In ‘branded phishing’, hackers use the names of popular brands to lure shoppers to similar-looking web addresses, to steal their personal and financial information. They even host web pages that look similar to the pages run by the original brands, in order to dupe gullible shoppers.
To cash in on the huge interest in products and services of certain brands, hackers have created mail IDs that mimic popular brands.
Check Point Research (CPR) has come out with a report on how hackers are duping online shoppers.
CPR has urged the public to double-check any delivery e-mails for suspicious language after purchasing costumes and other stuff this week.
Logistics services company DHL tops the list, accounting for 22 per cent of all the phishing attempts reported globally.
Phishing mails around the brand Microsoft take the second slot with 16 per cent, and LinkedIn third place with 11 per cent.
The other brand namesbeing used by cybercriminals to dupe shoppers include WeTransfer, Walmart, WhatsApp, HSBC and Instagram.
“They send links to fake websites to targeted individuals by email or text messages. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information,” the report said.
How to be safe
“Double-check the shipping email after purchasing your costumes and Halloween décor this week,” Omer Dembinsky, Data Research Group Manager at Check Point, said.
It’s crucial that anyone expecting a delivery goes straight to the official website to check progress. Do not trust e-mails, particularly those asking for information to be shared,” he said.
People should be suspicious of emails that ask for a reset of passwords. If the mail demands urgent action, you must be more careful. “You should avoid sharing personal information. Look for grammar and spelling errors in the email,” the report said.