The Black side of Black Friday: scams and payment fraud increase by 208%
As always, Black Friday records the peak of online payments, but with them also come scams. Kaspersky researchers show a 208% increase in online fraud.
Black Friday and scams: Kaspersky’s data is alarming
In the run-up to Black Friday, Kaspersky researchers observed an increase in the number of phishing attacks that reproduce fake electronic payment pages. The total number of these scam attempts more than doubled from September (627,560) to October 2021 (1,935,905), a percentage increase of 208%. This and other findings are available in the Kaspersky report “Black Friday 2021: How to Have a Scam-Free Shopping Day”.
The sales season is a favorite time of the year not only for shoppers and retailers but for cybercriminals too. In this period, attackers exploit users' desire to do business online by creating fake web pages that reproduce the largest retail platforms and electronic payment systems.
During the first ten months of 2021, Kaspersky products detected more than 40 million phishing attacks targeting e-commerce and e-shopping platforms, as well as banking institutions. After 18 difficult months, brick-and-mortar stores have experienced a recovery in 2021 and shoppers have partly returned to offline shopping. In fact, Kaspersky researchers have not observed typical seasonal phishing trends related to online shopping, such as the significant influx of web pages with offers that are too good to be true or the growth of retail-related scams.
Spam and financial phishing emails are also on the rise
However, there is one notable exception. In 2021, the total number of financial phishing attempts targeting electronic payment systems more than doubled, in particular from September (627,560) to October (1,935,905), a percentage increase of 208%. Indeed, this year we have seen the introduction of new payment systems in various countries due to their undeniable convenience. As user adoption of these systems has skyrocketed, scammers have begun to actively exploit them. It is a kind of bait to spread malicious activities.
In addition, there has been an increase in the number of spam emails detected by Kaspersky products. From 27 October to 19 November, in the period just before the sales season, 221,745 spam emails containing the words “Black Friday” were registered.
Kaspersky researchers also analyzed which of the most popular shopping platforms were used as bait to spread phishing pages. Looking at the total number of phishing scams that exploit online store names, it was observed that Amazon is the most used bait. For most of 2021, the second most exploited was eBay, followed by Alibaba and Mercado Libre.
“During the Black Friday season we always see an intensification of scamming activity. Perhaps a little more unexpected is the attention paid to electronic payment systems. This time around, we discovered a staggering 208% increase in the number of attacks mimicking popular payment systems. Of course, each new payment application is seen by scammers as a new opportunity to potentially exploit users,” said Tatyana Shcherbakova, security expert at Kaspersky.
“So, to protect your data and your money, it is important that you always make sure that the online payment page is secure. For example, look at the URL of the web page to understand if it starts with HTTPS instead of the usual HTTP and if there is a padlock icon next to the URL,” Tatyana added.
Kaspersky’s tips for protecting yourself from Black Friday scams
Here are some recommendations from Kaspersky to avoid falling into the trap of cybercriminals:
- Use a reliable security solution like Kaspersky Security Cloud, which identifies malicious attachments and blocks phishing sites, both on your computer and mobile devices.
- Do not open attachments or click on links in emails that come from banks, electronic payment applications or shopping portals, especially if the sender is particularly insistent. It is recommended that you go directly to the official website and log into your account from there.
- Check the URL format and the spelling of the company name. Read the reviews and check the domain registration details before filling in any information.
- Be wary of offers that sound too good to be true, because they usually are.