Cybercriminals target shoppers with 38 million phishing scams

Cybercriminals launched over 38 million phishing attacks in 2024, targeting online shoppers as they prepare for upcoming sales events such as Black Friday.

Kaspersky has reported a notable 25% increase in cyber threats focused on the retail sector this year. Analysis shows that fraudsters are actively leveraging the excitement surrounding Black Friday deals to steal personal information and financial data and spread malware via deceptive links and platforms.

The cybersecurity company revealed that from January to November 2024, its solutions blocked 38,473,274 phishing attacks linked to online shopping, banking, and payment systems. Of particular concern, 44% of these attempts involved fraudulent impersonations of banking services, marking a significant increase from the 30,803,840 phishing incidents during the same period last year.

Scammers commonly impersonate well-known retailers such as Amazon, Walmart, and Etsy. They send fake emails that offer seemingly exclusive discounts, directing potential victims to bogus websites that closely resemble legitimate ones. Subtle errors, such as domain name alterations or spelling mistakes, often betray these fraudulent sites. Shoppers on these sites usually end up losing their money.

In another prevalent scam, fraudsters exploit the allure of winning prizes. They distribute messages encouraging people to participate in surveys with the promise of valuable rewards, like an iPhone 14. These schemes create a sense of urgency by suggesting that only a select few can access the offer, prompting recipients to respond quickly. In exchange for a "reward," scammers require users to provide some personal details, such as an email address, and make a financial transaction on a fraudulent site.

Kaspersky's investigation into these fraudulent activities has shown that the collected data is frequently used by the scammers themselves or sold on dark web marketplaces. The price of stolen data, which can include full credit card details (including card number, expiry date, CVV code, cardholder's name, billing address, and phone number), is determined by its perceived value on these illicit markets.

Marc Rivero, Lead Security Researcher at Kaspersky's Global Research and Analysis Team, comments, "This year, dark web markets mirror the pricing strategies and marketing tactics of legitimate online retailers. Some even offer Black Friday-style promotions, such as discounts and bundled deals, similar to seasonal sales found on mainstream websites." 

In this context, vendors have been found to offer a 10% discount on batches of stolen credit card details from countries such as Canada, Australia, Italy, and Spain. Prices for these stolen cards vary between USD $70 and USD $315, depending on the quality of the card and its origin.

Kaspersky offers several recommendations to safeguard against cyber threats while shopping online. Consumers are advised not to trust unsolicited links or attachments and should verify the sender's authenticity before opening such communications. It is crucial to ensure the legitimacy of e-commerce websites by carefully checking URLs for errors and examining the website's design for inconsistencies.

Individuals should also protect their devices with reliable security solutions. It is advised to check reviews before purchasing from unfamiliar companies. Vigilance with bank and credit card statements is necessary to identify and address any unauthorised transactions quickly.