Preparing for the holiday shopping season? Cybercriminals are getting ready as well

The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday. Retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.

Share of financial phishing in overall number of phishing attacks 2013 – 2016

As previous years have shown, a peak season for sales can also be a peak hunting season for criminals. While e-commerce customers are anticipating big sales, retailers are preparing for increases in store visitors, and financial infrastructures are getting ready for a huge increase in transactions; cybercriminals are preparing too.

As Kaspersky Lab threat statistics show, in 2014 and 2015 the proportion of phishing pages that hunt financial data (credit cards details) detected by the company during Q4 (which covers the holiday period) was around nine percentage points higher than the average for the other portion of the year. In particular, the result for financial phishing in all of 2014 was 28.73 percent, while the result for Q4 was 38.49 percent. In 2015, 34.33 percent of all phishing attacks was financial phishing, while in Q4, that type of phishing was responsible for 43.38 percent of all attacks.

In addition, the holidays influence the type of financial targets that criminals are after and the types of schemes they implement. Both in 2014 and 2015 Kaspersky Lab researchers witnessed a significant (several percentage points) increase in phishing attacks against payment systems and online stores. Attacks against banks also grew, but at a lower rate.

When trying to steal payment data, criminals may create a fake payment page of a famous payment system, copy legitimate online retailer websites or even create completely fake shops with incredibly attractive offerings. Cyber criminals also tend to exploit the Black Friday theme itself. While doing research into the threat landscape, in October 2016, Kaspersky Lab researchers spotted a Black-Friday themed phony internet shop offering products at attractive prices.

Share of financial phishing in different periods in comparison to the holiday period

“In 2014, we conducted some research into how the phishing threat landscape behaves itself in the holiday period, and discovered that the number of attacks against particular targets – payment systems and famous retail networks – increased during the Black Friday and Cyber Monday period,” said Andrey Kostin, senior web content analyst at Kaspersky Lab. “In 2015, the situation repeated itself and this makes us think that in 2016 it will happen again. So we urge users to be as cautious as possible when shopping online this season.”

Tips for avoiding holiday phishing scams

In order to avoid becoming a victim of holiday phishing scams during the upcoming Black Friday, Cyber Monday and holiday timeframe, Kaspersky Lab experts advises the following measures:

• Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious; created to download malware to your device or to lead to phishing webpages aimed at harvesting user credentials.
• Do not enter your credit card details on unfamiliar or suspicious sites, to avoid passing them into cybercriminals’ hands. If these websites are offering advantageous deals that look too good to be true, they most likely belong to criminals.
• Always double-check the webpage is genuine before entering any of your credentials or confidential information (at least take a look at the URL). Fake websites may look just like the real ones.
• Install a security solution on your device, with built-in technologies designed to prevent financial fraud. For example, Safe Money technology in Kaspersky Lab’s solutions creates a secure environment for financial transactions on all levels.