With the shopping season underway, cybercriminals are making efforts to capitalize from key holidays and users' craze for Black Friday and Cyber Monday discounts.
Scams and malicious email campaigns are in full swing, and so are web-skimming operations that steal payment card information from vulnerable online stores.
The US-CERT released a warning this week about the growing number of emails with malicious links or attachments, malvertising campaigns, and donation requests from fake charitable outfits.
The alert is backed by findings from cloud security company Zscaler that say they've "seen a steady rise in phishing attacks leading up to Black Friday and Cyber Monday".
Between mid-October and mid-November, the company observed 723,942 targeted phishing campaigns and almost half a million generic spam attacks. In total, the company recorded almost 1.3 million events of this type.
The research reveals that with some targeted attacks the purpose is to compromise Amazon accounts and steal payment card data.
Two examples of fake pages for logging into Amazon and for billing verification show that cybercriminals have become adept social engineers, leaving few tells for the scam.
To an unsuspecting user, the fake login page is indistinguishable from the original, but a look at the URL in the address bar gives away the fraud attempt since the domain name is not from Amazon. The absence of a secure HTTPS connection is another tell of mischievious activity, which browsers like Chrome will mark with a 'Not Secure' indicator.
"The best defense is to always be conscious of the address bar. A store like Amazon is never going to ask you for sensitive information away from the Amazon site," advises Chris Mannon, senior security researcher at Zscaler.
In another campaign spotted by Forcepoint, crooks used the Thanksgiving theme to lure unsuspecting users into downloading a message that delivered the Emotet malware along with holiday greetings.
A more serious risk that users cannot efficiently avert on their own is web-skimming attacks, which steal the financial details users provide on the payment page of a web store.
Multiple groups collectively known as MageCart are actively compromising online shops, sometimes sabotaging each other to get a larger piece of the pie.
These crooks can choose to attack the e-commerce site directly by exploiting vulnerabilities, or they can compromise a provider of a third-party library that runs on the payment page.
Statistics on MageCart attacks between September 20 and November 15 show a total of 7,424 events.
User-side defenses against the MageCart are limited as there isn't a reliable solution to guarantee protection even against common forms of such attacks.
The hope is with merchants, who can implement effective safeguards that ensure the integrity of third-party libraries loading on their websites. They can also reduce the attack surface by disabling scripts that are not needed for online payment forms.