Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.
Cybercriminal Tools: A Growing Threat
Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:
- Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
- Fake website templates: Start at $50, tricking users into sharing personal information.
- Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
- Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.
These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.
The Role of Stolen Cookies in Cybercrime
Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:
- 154 million authentication cookies, 23.5 million of which remain active.
- 37 million login cookies, with 6.6 million still usable.
- 30 million session cookies capable of bypassing 2FA.
These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.
Protecting Yourself from Cyber Threats
Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:
- Scrutinize links and websites to avoid phishing scams.
- Switch to advanced authentication methods such as passkeys where available.
- Stay informed about emerging cyber threats and adopt proactive security practices.
By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.
