Black Friday is approaching and the digital landscape is becoming riskier. According to a survey by NordVPN, attempts to access fake online stores increased by 35% in October, in comparison with September, and the number is expected to grow even more during Black Friday and Cyber Monday
On clandestine platforms, the trade of phishing kits and fake store layouts is on the rise. NordVPN data reveals that, between September 1 and October 31, the Threat Protection Pro™ tool blocked 13,4 million attempts to access fake stores, a significant leap compared to the 9,9 million registered in September
Adrianus Warmenhoven, cybersecurity specialist at NordVPN, highlights: "Cybercriminals are using AI tools to quickly and more efficiently create fake stores". These fraudulent sites not only collect personal and payment data from consumers, but, in some cases, result in direct financial losses, where the customer pays for products they never receive
Sites with a professional appearance, created to look like legitimate stores, are designed to deceive even the most cautious consumers. Some falsify the visual identity of major brands, using tricks like slightly altered URLs (for example, "Arnason" instead of "Amazon", and link shorteners to mask phishing sites. The practice makes fraudulent websites seem more trustworthy, misleading consumers
Furthermore, it is easy for hackers to find ready-made kits for creating fraudulent websites, widely available on the internet. There are even courses and forums where it is possible to learn how to use these tools, facilitating the work of people with little technical knowledge
The dark web also hosts malware-as-a-service subscription services for just $100-150 per month, while phishing kits are usually available for free
The NordVPN specialist explains that criminals can find free phishing kits, fake website layouts starting at US$50 (around R$ 289), and even malware services by subscription for about $150 (R$ 866) per month. More advanced items, like cookie grabbers, they can cost US$400 (R$ 2.310) or more and allow the theft of users' active cookies, facilitating account invasions without the need for passwords
The scammers impersonate major platforms, like PayPal, Amazon, Shopify, banks and even Netflix to reach their customers. The resources used to create these fake store pages include customization – due to the use of HTML encoding – and promise easy setup. These pages provide details on card verification and strong anti-bot systems. Furthermore, they are designed to block site verification and have the ability to bypass OTP (one-time password) and 2FA systems, "at the same time they are designed to avoid detection", says Warmenhoven
As a result, cybercriminals have a wide range of tools to create scams and obtain support through easily accessible Telegram channels and forums, as highlighted in the ads below
Dark Web Offerings: Malware and Cookie Grabbers
Cookie capture pages are among the most expensive online scam kits found on the dark web. These pages are created specifically to capture cookies from the user's browser or social media platforms, like Facebook, that hackers can use for nefarious purposes
"NordVPN's research revealed that over 54 billion cookies were found for sale on the dark web", highlighting the scale of this problem. You may not realize that, if a hacker obtains your active cookies, he really won't need login credentials, passwords or even multi-factor authentication to log in and take control of your accounts. The most commonly stolen personal information from cookies includes names, email addresses, cities, passwords and addresses, says Warmenhoven
To protect oneself, Warmenhoven suggests a critical approach: "If the offer seems too good to be true, distrust. Furthermore, details such as grammatical errors, low-quality images and broken links usually indicate a fraudulent site. He offers more tips to identify trustworthy websites
- Check contact information:Legitimate sites provide a physical address, phone and email usually visible in the header, footer or in the "About" section
- Read privacy policies and terms of use:Legitimate sites have clear policies for returns and refunds
- Avoid unusual payment methods:Sites that insist on bank transfers, gift cards or cryptocurrencies should be viewed with caution
- Research the seller's reputation:Search for the store name in combination with terms like "reviews" or "fraud" and avoid sites with negative reviews
Strategies to avoid scams during Black Friday
Despite the growing digital threat, there are strategies that can help mitigate risks. The use of NordVPN's Threat Protection Pro™ blocks malicious sites, analyzes downloads for malware and blocks trackers, improving user data security. Warmenhoven also suggests
- Detecte phishing:Malicious emails and SMS messages are one of the main causes of malware infection
- Avoid downloads from unknown sources:Choose official stores or verified websites to download apps and updates
- Delete cookies regularly:This minimizes the data available to attackers
- Enable multi-factor authentication (MFA):This adds an extra layer of security, useful in case a hacker gains access to your credentials
- Use dark web monitoring tools:The NordVPN Dark Web Monitor tracks leaks and alerts if the user's email is found in compromised databases
