With the shopping season underway, cybercriminals are making efforts to capitalize from key holidays and users' craze for Black Friday and Cyber Monday discounts. Scams and malicious email campaigns are in full swing, and so are web-skimming operations that steal payment card information from vulnerable online stores.  The US-CERT released a warning this week about the growing number of emails with malicious links or attachments, malvertising campaigns, and donation requests from fake charitable outfits. The alert is backed by findings from cloud security company Zscaler that say they've "seen a steady rise in phishing attacks leading up to Black Friday and Cyber Monday". Between mid-October and mid-November, the company observed 723,942 targeted phishing campaigns and almost half a million generic spam attacks. In total, the company recorded almost 1.3 million events of this type. The research reveals that with some targeted attacks the purpose is to compromise Amazon accounts and steal payment card data. Two examples of fake pages for logging into Amazon and for billing verification show that cybercriminals have become adept social engineers, leaving few tells for the scam. To an unsuspecting user, the fake login page is indistinguishable from the original, but a look at the URL in the address bar gives away the fraud attempt since the domain name is not from Amazon. The absence of a secure http connection is another tale of mischievous activity, which browsers like Chrome will mark with a 'Not Secure' indicator. "The best defense is to always be conscious of the address bar. A store like Amazon is never going to ask you for sensitive information away from the Amazon site," advises Chris Mannon, a senior security researcher at Zscaler. There's more detailed information posted on OUR FORUM.