article featured image


According to Avanan, cybercriminals don’t need an excuse to try and con people out of their money. With Black Friday quickly approaching, their schemes are increasingly elaborate ahead of the holiday sales season.

Thanksgiving is typically when people get ready for the upcoming festivities that will be taking place soon. It’s no surprise that many will buy gifts for loved ones this time of year and that there will be a lot of online shopping around. 

You can’t buy a person’s trust by cutting prices, but this strong appreciation for offers from retailers naturally leads to a fresh attack vector for less scrupulous individuals.

The latest scam uncovered by Avanan is sending emails that look like order confirmations from big ordering companies. Users are tricked into applying for refunds on purchases they never made in the first place.

In many instances where the actual content is unavailable, clicking on an email or social media link can activate a classic phishing scam that collects personal credentials from the target. The result will be a direct bank transfer of your money into the attackers’ accounts, not a download like they thought they were getting.

The Gift That Keeps On Giving

Credential harvesting via bogus web links can be a rewarding and low-risk opportunity for cybercriminals. They’ll earn a dishonest buck by selling. 

There’s a clever scam that Avanan identified that impersonates the USPS and targets victims in the UK. It has most likely been created to take advantage of Black Friday, which is taking off in the United States after being promoted by large American companies.

“This email seems to be just a standard shipment notification with all the standard contents–like an order confirmation, shipping details, and a tracking number,” Avanan said.


“However, upon closer inspection, you’ll see that this tracking number is intended to lure unsuspecting recipients through a false sense of security. It’s associated with similar scams that are part of one large campaign.”

It concluded: “The email is also for a brand that leads to a malicious link when going to their website. The hackers want you to click on the Issue a Refund button. That redirects to a credential harvesting site.”

Online shoppers need to remain aware of their surroundings. Ensure you refrain from clicking on links from unfamiliar sources or opening email messages from big delivery companies and other organizations. You never know what those emails might contain.

“Black Friday and the coming holiday season are just around the corner,” it said. “This event has traditionally been associated with a widespread increase in phishing attempts that leverage these times of year to trick people. Some of the more clever scams will include a phone number you can call. These attacks not only steal web-based credentials but also get your phone number, which can be used in future attacks.”

Avanan expects to see a rise in phishing attacks on Black Friday, according to 2020’s research. It found that “special offer” phishing campaigns doubled last November.

The article continued, “These attacks happen on both business and personal emails. That increases the room for error on the end-user’s side. Between shipping notifications, special offers, refund notices, and more, we are inundated with legitimate emails around our holiday shopping. Unfortunately, hackers always get in on the latest trends and love to take advantage.”

We can predict that these same types of attacks will occur in 2022 too. For example, in 2020, according to CheckPoint, phishing emails doubled in November and a large percentage focused on “Special Offer” campaigns. 

Unfortunately, these types of scams are too prevalent and often happen in business and personal emails, increasing the room for error on the end-user’s side.

Traditionally, a holiday is about making memories with your family. But it doesn’t matter who’s at the table if you’re getting ripped off. 

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

linkedin icon

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.