On this Black Friday, you might get more than just some great deals as fraudsters are polishing their malware droppers, phishing lures, and bogus sites.
A thorough study outlining the most frequent dangers that are predicted to appear during this year’s Black Friday and Christmas shopping season was recently published by the researchers at Kaspersky.
What Did the Researchers Discover?
From January to October 2021, the researchers detected over 40 million phishing attacks, with Amazon, eBay, Alibaba, and Mercado Libre being the most common lures.
As BleepingComputer reported, in terms of trends, phishing actors increased their efforts to obtain account credentials for e-payment systems by 208 percent in October 2021 compared to the previous month.
While banking credentials are still targeted, phishing actors now favor e-payment systems, whose use has increased by 40% in the previous two years.
In 2021, it appears that bad actors deployed 11 different malware families against consumers, with more than half of them being variations of the Zeus banking trojan.
Cybercriminals do not limit their malicious activity to spreading shopping-related phishing scams. Banking Trojans are traditional tools for stealing access credentials to online banking or payment system accounts. Some banking Trojan families have evolved and developed their functionality, launching new variants and extending their range. Today, most of them are able to perform transactions, download other malware, and more. And some of them target not only people using online banking, but online customers of certain stores.
After two years of rather stable indicators in the number of attacks in 2019 and 2020, we observe a rapid decrease in 2021. In fact, the number of Banking Trojan infection attempts dropped by half from 20.5 million in 2020 to 10 million in 2021.
Malware is becoming increasingly specialized for e-commerce platforms, with the goal of stealing e-commerce account passwords, bank card information, CVVs, expiration dates, and phone numbers.
There are two types of phony websites that might cause difficulties for victims. The first is phishing sites, which steal credentials, and the second is scam sites, which take money.
In the first instance, the lures often take the form of emails purportedly sent by high-profile online stores or major e-commerce platforms, directing users to a bogus login page.
The second scenario covers sites that have cloned legitimate businesses by duplicating their CSS and all content, or simply bogus marketplaces that accept payments but do not send anything to the customer.
In certain circumstances, these sites may send empty mail to the victims in order to obtain a legitimate tracking number and to delay the reports that would allow hosting providers or authorities to take them down more quickly.
Stay safe while shopping online
As Vladimir explained, the best way to stay safe is to be one step ahead of the scammers, by following some simple rules:
1. Before making a purchase, check the website’s credentials.
If you intend to do your Black Friday shopping online, investigate the store thoroughly before entrusting it with your personal information.
2. Check the pricing twice.
Comparing prices with big stores is the easiest way to avoid getting duped by a fraudulent website boasting extraordinary savings.
3. Avoid clicking on every link you come across online.
If you come across a link, whether in an email, phone call, or instant message, the best thing to do is exit the chat window, move the message to the trash folder, or simply ignore it.
4. Maintain a record of your orders.
If you receive an email or SMS concerning a failed delivery or re-confirmation, check your account first and then contact the delivery business.
5. Shop online using a credit card.
When making online purchases, it is strongly advised to use a credit card since it provides greater security than other payment methods.