Black Friday, the day after Thanksgiving, marks the start of the American holiday shopping season. Brick-and-mortar retailers gear up for it by offering gargantuan sales to get shoppers in the doors.
But they're not they only ones getting ready. Cybercriminals are prepping their online wares too.
Many of the scams also target Cyber Monday, which falls on the Monday after Thanksgiving. For the past few years, Cyber Monday has been the biggest day for online retailers, who entice customers with special "one day only!" promotions.
MORE: What Is Cyber Monday?
Search the Web for "Black Friday" and there will be thousands of sites promoting sales and discount codes. The sad thing is, a lot of the sites are fake. Instead of selling things, they're designed to part unsuspecting users from their money, infect computers with malware or steal personal and financial information.
The deluge has not really yet begun, but researchers have already flagged Black Friday and Cyber Monday messages around the following products.
Last year's hot items at a discount
Black Friday and Cyber Monday promotions are all about deals that sound too good to be true. Scammers, on the other hand, often go for a bit of realism, said Andrew Conway, a security researcher with Cloudmark, an email security provider in San Francisco.
Many of the special sales Cloudmark observed involved older, yet still popular, products, as opposed to newer and shiner gadgets. That's not to say scammers aren't offering the iPhone 5s as bait; Apple products are a great lure for hooking unwary users.
Cloudmark researchers noticed several Black Friday-related spam campaigns touting hot-ticket items from last year, such as the fourth-generation iPad.
It's reasonable to assume that last year's must-have gift items would be on sale this year. Spammers respond to what people are expecting, and no one expects to get a hot product like the second-generation iPad Mini for $100, Conway said.
But when it comes to last year's products?
"Oh yeah, people expect to see a deal on those," Conway said.
The Sunday after Thanksgiving is often the most heavily traveled day of the year in North America. It makes sense that cybercriminals would take advantage of that fact, said Troy Gill, senior security analyst at anti-spam outfit AppRiver in Gulf Breeze, Fla.
AppRiver researchers observed a huge array of malicious emails pretending to be airline ticket confirmations — hundreds of millions, said Gill. Nearly every major U.S. airline has been spoofed, with one recent campaign targeting Delta Airlines.
One common fake airline-confirmation email includes flight details in the body of the message and has an executable file as an attachment.
The executable attachment is a Trojan horse. Once clicked, it installs a backdoor that allows remote access to the victim's PC, and also installs a rogue antivirus program.
This particular strain of rogue AV shuts down all other installed anti-virus software, turns off the firewall settings that keep out malware and then displays multiple "Your machine is infected!" warnings.
The user is invited to buy the fake AV software in order to "clean" his machine, but of course, he'll only be handing over his credit-card information to cybercriminals.
If "all this wasn't bad enough," said Gill, the Trojan also adds the infected computer to a botnet and commandeers the machine to send out thousands of spam emails per hour.
No such thing as free airline tickets
Speaking of airline confirmations, there has been an uptick in the "get tickets for free" scam on Facebook offering users seats on Southwest Airlines flights home for the holidays.
Clicking on the Facebook wall posting offering the deal doesn't take you to Southwest Airlines' page. Instead, it redirects users to pages and pages of surveys, for which the scammers get a few pennies, while also spamming your Facebook friends' news feeds.
Easy consumer-electronics scams
Consumer electronics are a Black Friday staple, both for legitimate retailers and for scammers. Flat-screen TVs and video-game consoles represent a significant volume of Black Friday scams as well as sales, possibly because their price points are significantly higher than those of average items, said a representative from San Diego-based Internet-security provider Websense.
With higher prices comes the prospect of larger savings, making it even more likely that consumers are looking for great deals on big-ticket products.
Last year, Websense flagged spam campaigns using certain high-priced hooks: the latest iPhone, Sony PlayStation consoles and flat-screen TVs from well-known brands. Websense also noticed what its representative called a "number of persistent penny-auction campaigns" for such products.
Coach, Chanel, Louis Vuitton handbags for cheap
While counterfeit products from luxury brands such as Coach, Chanel, Rolex, Christian Dior and Louis Vuitton are available year-round, Cloudmark observed an uptick in emailed offers as the scammers geared up for Black Friday, Conway said.
The "luxury replica" spam campaign is the most prevalent holiday scam so far, according to Agari. Messages are sent from spoofed email addresses purporting to be from your bank, your shipping company, a well-known consumer-electronics company or even just a friend.
Some of the websites pushing counterfeit luxury items have updated themselves to reflect their own "Thanksgiving Day sales," much as would a legitimate retailer.
Email messages from spoofed addresses such as "mac.com" and "fedex.com" direct users to Web marketplaces with deals on Rolex watches and handbags from Prada and Chanel.
Subject lines include "Start thinking about Christmas," "Early Christmas orders," "Pre-Christmas ordering," "Christmas Discount Code enclosed," and "Never too early for Christmas."
Since users are looking for online-shopping discount codes, subject lines such as these make it likely the users will click on the link.
Unlike other Black Friday scams, users clicking on these messages won't be immediately infected, or have their identities stolen by phishers.
Instead, the customers will be getting the products they purchased — the products will just be fake.