Thanksgiving in the United States is still a week away, but online scammers for more than a month have been gearing up for the busy Black Friday shopping that comes the day after.
Cybersecurity firms are warning about various schemes designed to separate anxious shoppers from their money and data as the holiday shopping period begins in earnest. The U.S. Internet Crime Complaint Center (IC3) reported that over the past five years, 3.79 million complaints filed resulted in $37.4 billion in losses, with $12.5 billion reported last year.
England’s National Cyber Security Centre (NCSC) this month said shoppers lost £11 million – almost $14 million – to online scams during last year’s “festive shopping period.”
The scams aimed at shoppers this year are ramping up. Threat researchers with cybersecurity firm Kaspersky began seeing an uptick in spam emails using the term “Black Friday” in early September, with the numbers surging to more than 198,400 in the first two weeks of November.
“Scammers often impersonate major retailers like Amazon, Walmart or Etsy with deceptive emails to lure unsuspecting victims,” they wrote in a report this week. “These emails typically claim to come from the companies themselves and promote exclusive discounts, especially during high-traffic shopping periods like Black Friday.”
They pointed to one campaign this year claiming that Amazon’s “special buyers team” was offering an exclusive sale of up to 70% off on handpicked items that shoppers shouldn’t miss, adding that “emails like this are designed to exploit the urgency and excitement of seasonal sales to trick consumers into clicking potentially dangerous links.”
Such emails usually come with a link that redirects the victim to a fake online store website. If the victim tries to buy something, they likely lose money, and whatever data they enter on the fake website – such as payment details – is grabbed by the scammers and used for other fraudulent purposes, including unauthorized purchases.
Other scams include fake limited-time surveys with prizes – often with a hyped sense of urgency, including saying the target is only among a “select” handful of eligible users – aimed again at getting victims to make purchases and hand over information.
“A similar scheme goes for gift cards. Scammers offer a ‘reward’ for sharing some ‘basic info,’ such as an email address, and spending some money on a fake site,” they wrote.
They also warned of fake mobile shopping apps and banking trojans, and noted that stolen shopping data often ends up being sold on the dark web.
It’s not only shoppers who are at risk, according to Kaspersky. The researchers detected a fake verification scheme aimed at people registered as sellers on the Etsy platform. The scammers, armed with a copy of the company’s seller database, send emails to sellers saying their account is temporarily blocked and give them a link to unlock it.
They’re directed to a fake website where they’re asked to enter data such as bank card details – including the card number, expiration date, CVV, and billing address – for verification, and the scammers steal the data.
Analysts with threat intelligence firm EclecticIQ said that in early October, they detected a phishing campaign run by a Chinese threat group called SilkSpecter and targeting ecommerce shoppers in the United States and Europe looking for Black Friday discounts. The bad actors used fake products supposedly discounted by as much as 80% as lures in a phishing campaign to entice people to hand over their credit card and authentication data and personally identifiable information (PII).
SilkSpecter used Stripe, a legitimate payment processor, which “allowed genuine transactions to be completed while covertly exfiltrating sensitive CHD [cardholder data] to a server controlled by the attackers,” they wrote in a report. “SilkSpecter enhanced the phishing site’s credibility by using Google Translate to dynamically adjust the website’s language based on each victim’s IP location, making it appear more convincing to an international audience.”
Once the victims landed on a page hoping to get exclusive deals, the group’s phishing kit deployed several website trackers to collect activity logs and capture browser metadata like IP addresses and geolocation information. Victims also were prompted to enter their phone numbers, which the analysts said SilkSpecter could exploit in subsequent voice or text phishing attacks.
Trend Micro researchers outlined four scams, including fake ads and spoofed websites leveraging The North Face brand, gift card scams from bad actors posing as Sam’s Club, and delivery scams that appear to come from the U.S. Postal Service (USPS), customers, or another delivery service.
Meanwhile, Malwarebytes researchers warned of efforts they’ve detected, including brand impersonation scams via the Chinese ecommerce site Temu, Amazon, Walmart, and USPS, and credit card skimmers on online stores, especially smaller retailers. Skimmers are pieces of malware injected into a website most often through security flaws in content management systems or plugins on the site itself.
The skimmers are used to steal credit card data, and Malwarebytes saw an uptick in their use last year.
In addition, the use of malvertising – or malicious advertising – is growing, with the cybersecurity firm seeing a 41% jump from July to September as the holiday shopping season drew near.
“In terms of the actual advertiser accounts that are used in malvertising campaigns, most are based in the US and are set up using a combination of fake identities or hijacked accounts,” the researchers wrote. “However, according to our research findings, ads originating in Pakistan and Vietnam account for 90% of the fraud.”
Much of the advice security firms give urges shoppers to use their common sense – if a deal looks too good, it probably is, don’t get rushed into making a decision, and protect online accounts by using strong and varied passwords and multifactor authentication (MFA) when possible.
They also recommend using ad and malicious content blockers, researching websites, checking the site’s URL,
“Black Friday scams commonly spread through social media, search engine ads and, most frequently, mass email campaigns,” Kaspersky researchers wrote. “As Black Friday continues to be a major shopping event, it also remains a source of profit for cybercriminals looking to exploit consumers and businesses alike. Scammers capitalize on the urgency and high traffic surrounding Black Friday sales, with phishing campaigns harder to spot among streams of other limited time offers.”