Tuesday, November 30, 2021

How Cybercriminals Tweaked Their Scams for Black Friday 2021


Black Friday is approaching and cybercriminals are perfecting their malware launchers, phishing lures, and bogus sites as shoppers prepare to open their wallets.

As Kaspersky researchers point out, scammers are already targeting people with fake tickets to the 2022 FIFA World Cup.

The security firm shared a detailed report highlighting the most common threats expected to emerge during this year’s Black Friday, as well as the holiday shopping season.

Phishing for data and electronic payment accounts

Kaspersky products alone detected more than 40 million phishing attacks between January and October 2021, with Amazon, eBay, Alibaba and Mercado Libre being the most popular lures.

As such, if you receive emails about promotions and discounts on large e-commerce platforms, you should treat them with special caution.

In terms of trends, phishing actors doubled down on their effort to steal account credentials for electronic payment systems (also known as online payment systems), and October 2021 saw a 208% increase compared to the previous month.

While bank credentials remain a target, phishing actors tend to favor electronic payment systems more now, as they have increased in popularity by 40% over the past two years.

Phishing targets in 2021
Source: Kaspersky

Banking Trojans fade

Kaspersky found that cybercriminals used 11 different malware families against shoppers in 2021, and more than half of them were variants of Zeus banking Trojan.

Other popular strains used in the 2021 malware attacks include Qbot (used in 13.9% of the total number of incidents), Anubis (13.4%), Trickbot (11.6%) and Neurevt (4.8%).

An interesting trend emerging from Kaspersky statistics is the number of infections, which has fallen from 20 million in the last two years to just 10 million this year.

This decline is in line with threat actors shifting their attention to electronic payments. Most of these Trojan families have a narrow targeting scope limited to specific financial institutions or platforms, requiring more effort to target a wider range of potential victims.

The malware now deployed is more specialized for e-commerce platforms, seeking to steal e-store account credentials, bank card numbers, CVVs, expiration dates, and phone numbers.

Decrease in malware volume
Source: Kaspersky

Ending up on malicious sites

There are two categories of bogus sites that can cause problems for victims. The first is phishing sites that steal credentials and the second is scam sites that steal money.

In the former case, the lures usually come in the form of emails allegedly sent by high-profile online stores or popular e-commerce platforms, directing recipients to a fake login page.

Fake German eBay site
Source: Kaspersky

The second case involves sites that have cloned real stores by copying their CSS and all content, or simply fake marketplaces that receive payments without sending anything to the buyer.

In some cases, these platforms send an empty envelope to victims, just to provide a valid tracking number and delay reports that would allow hosting providers or authorities to remove them faster.

This also reduces the chances that PayPal payment disputes will prevent funds from ending up in scammers’ accounts and allow victims to get their money back.

Cloned site offering products that will never be shipped.
Source: Kaspersky

How to stay safe while shopping online

Remember, you will see many product discounts and sales promotions during the holidays. However, the chances that some of them are scams are higher than usual.

To protect yourself and your bank account, you should use an internet security solution from a trusted provider and always verify that you are on a legitimate site before entering your payment information.

If you come across an offer that seems too good to be true, it is probably a scam even in the context of Black Friday.

Finally, if you can use electronic payments instead of credit cards, it would be preferable due to the less serious repercussions in the event of a data breach.

There are also single-use virtual cards with load limits, so if you want to play it safe while shopping at lesser-known stores, there are ways to do it.

If you have to pay with your bank account or card, check that the correct amount has been charged and keep a close eye on all future transactions.
