Holiday Hazards: Thanksgiving and Black Friday Cyberthreats

As people prepare for Thanksgiving meals and Black Friday deals, cybercriminals are also prepping to take advantage of the holidays to spread malware — and not holiday cheer — to unsuspecting victims. The holiday season brings with it a spam campaign with a malicious payload (detected by Trend Micro TROJAN.W97M.POWLOAD.NSFGAICM)that takes advantage of Thanksgiving Day to spread malware via doc file attachments. Meanwhile, a Black Friday scam is also out to fool Amazon customers via the messaging platform WhatsApp, luring them with big discounts and directing them to a bogus phishing website.      

On November 19, we saw emails under the guise of Thanksgiving Day e-cards being pushed by cybercriminals in a spam campaign.

Figure 1. A sample of a spam Thanksgiving Day e-card

According to other security researchers, this spam email campaign may be delivering the modular malware Emotet to users. We also saw a spike in Emotet-laden spam emails using filenames that contain “Thanksgiving Day wishes” or “greetings” on November 21.

Trend Micro researchers also learned that cybercriminals use this malware sample in other non-Thanksgiving Day campaigns written in other languages, which could indicate that it is part of a bigger spam campaign.

[READ: Exploring Emotet: Examining Emotet’s Activities, Infrastructure]

Figure 2. An email written in Spanish using the same malware sample


Figure 3. Another email belonging to the same spam campaign, this time, a fake invoice written in French

As spam campaigns become more believable, the need for a multilayered cybersecurity defense — one that has machine learning technology that helps catch spam campaigns from even reaching the user’s network let alone endpoint — has become more vital.

Meanwhile, another scheme that takes advantage of the gift-buying season is an Amazon discount scam hosted on popular messaging platform WhatsApp. Scammers have been sending spam WhatsApp messages offering massive discounts on items sold on the online retail giant to users in an attempt to trick them into clicking on a malicious URL to get.

According to a report published by The UK Mirror, links in the spam email redirects users to a phony Amazon page with products listed at extremely discounted prices, prompting users to click on one of them. Once a product is clicked, the fake Amazon site will then ask for a user’s personal information, including name and address.

Before a user gets to order the selected products on the fake Amazon site, a pop-up message that tells the user to forward the phishing message to 10 other WhatsApp users will then show.

The legitimate-looking link sent via this phishing campaign may be hard to spot, especially by untrained eyes or just overly eager shoppers scrambling for a great deal. However, smarter machine learning technology can detect these using vast amounts of training data from previous scams of similar nature.

[READ: Online Shopping Trends and Threats]

Defense against Phishing and Spam

To protect users against spam, enterprises can take advantage of Trend Micro™ endpoint solutions such as Trend Micro Smart Protection Suites and Worry-Free™ Business Security. Both solutions protect users and businesses from threats by detecting malicious files and spammed messages, and blocks all related malicious URLs.

The use of artificial intelligence (AI) and machine learning in Trend Micro™ email security products enhances overall cyberdefense against BEC, EAC, phishing, and other advanced threats. Trend Micro’s anti-phishing technology combines the knowledge of a security expert with a self-learning mathematical model to identify fake emails by looking at both behavioral factors and the intention of an email.

Trend Micro has also introduced FraudBuster, which analyzes the contents of an email, SMS, or chat message from messaging platforms such as WhatsApp, to determine the likelihood of it being a scam. Users are encouraged to check any message using the free tool, if they have even the slightest doubt about its contents. FraudBuster also provides advice on how to proceed after receiving a fraudulent message.


Indicators of Compromise
























Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.