A security company is warning that cybercriminals are targeting Black Friday and Cyber Monday sales in massive phishing campaigns that attempt to steal personal and financial details from unsuspecting consumers.

The new report from Barracuda Networks Inc. out today showcases real examples of phishing emails offering time-sensitive gift cards and huge discounts impersonating brands such as Amazon.com Inc., Wal-Mart Stores Inc., Kohl’s Corp., Luxottica Group SpA’s Ray-Ban sunglasses and Michael Kors Holdings Ltd.

Although Barracuda investigated a number of leading brands, the report noted that the names of the brands the attackers are impersonating are less important than the tactic, since criminals can quickly change the name of the brand and launch new mass phishing scams.

The goal is to convince consumers to register or log into what they think is their account in order to receive a gift card or discount. “Sadly, no gift card or bonus bucks will be received, but instead consumers end up surrendering their account credentials — which can lead to all types of destructive behavior,” the report said. “Cybercriminals can steal account credentials and log into these accounts, and both retrieve credit card information, additional personal information and learn about a user’s shopping history for future social engineering attacks.”

Although more and more consumers are aware of phishing campaigns, the report noted, attackers take advantage of the fact that many consumers do not usually buy directly from a given brand and hence won’t recognize a fake webpage over the original.

Those relying on email security solutions to protect them from these attempts also need to know that in many cases, the phishing attacks are not blocked because the criminals use URL shorteners and redirectors in order to get the emails through to users. “These attackers are leveraging the fact that security solutions don’t block most URL shortening services, which is a popular way to share URLs,” the report noted. “The redirectors are being used in order for these messages to appear like users aren’t visiting malicious sites. Tricky tactics no doubt, that will help criminals get their emails received and opened by end users.”

Consumers are advised to play it safe by not clicking through on any promotional Black Friday and Cyber Monday emails they receive but instead visit the intended site directly. In addition, consumers should check hyperlinks to make sure they look legitimate and check the certificate in the left-hand corner of the site to make sure it’s allocated to the site they believe they are on. For example, a certificate on Amazon.com will say that it’s for Amazon and not another site or company.

Image: 8209323197/Flickr