The last quarter of the year is a productive time for cybercriminals, who targets on users rushing to get a good deal in advance of the holidays.
Black Friday, Cyber Monday and the pre-Christmas shopping rush see growth not just in sales, but also in malicious activity. In the last quarter of 2019, Kaspersky researchers detected a 9.5% growth in financial phishing alone with spam and scam activity also growing in numbers and variety.
As the holiday season comes to an end, analysis of the threat landscape that happened during the period gives better insights of changes in fraudulent activities. In 2019, the share of financial phishing continued to grow, surpassing over half (52.61%) of all phishing attempts in Q4.
Phishing is still an effective way of tricking users into revealing their personal data and credit card credentials to cybercriminals. Popular brands are often used as bait in this circumstance. One of the examples discovered by Kaspersky was a fake Amazon page, offering users Christmas promotions so criminals could steal their Amazon Prime credentials.
Such scams are often proven effective. There was significant growth, as highlighted from the analysis, when big names like eBay and Alibaba are used as bait for this phishing activity just before the holidays. Just a few days before Black Friday sales, the number of users trying to access eBay phishing pages grew quadruple, reaching over 8,000 attempts daily. These high levels of visits were retained until mid-December, with an additional peak a week before Christmas. A similar pattern was seen with phishing versions of the Alibaba website.
Spam emails also shows significant growth during the holiday season, but a significant difference in topics. Criminal schemes varied from promises of Christmas donations, to scams with attempts to steal cryptocurrency, or malicious emails sent to organizations as fake urgent Christmas orders. These holiday-related scams and spam emails not only happen during Christmas season; but, users in South East Asia also received typical ‘gift offers’, but instead tied to Lunar New Year.
“The holiday season is a time for impulse purchases and rash decisions. Pressure to get a good deal or buy presents can mean that users are distracted, making it easier for cybercriminals to take advantage of them. The hope of securing an amazing gift at a fantastic price, especially at this time of year, is a hard one to break. Criminals capitalize on that hope all year long, with the end of the year an especially fruitful time for them. Of course, this does not mean that anyone should abstain from shopping ahead of the holidays – users just need to pay extra attention to their credit card payments. It is possible that a subscription or a delayed charge for a present for friends or family could turn out to be fraudulent, as criminals often do not use stolen data straight away” – comments Tatyana Sidorina, security analyst.
To stay safe from spam and phishing, follow this simple advice:
If you receive a link to a great offer via email, make sure to check the embedded hyperlink - sometimes it may differ from the visible one. If it does, access the deal page directly through the legitimate website
Only make purchases through official marketplaces and pay attention to the web addresses if you are redirected to them from other landing pages. If they differ from the official retailer, consider checking the offer you were redirected to by looking for it on the official web page
Use a security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will notify you if you are trying to visit a phishing web page
Never use the same password for several websites or services, because if one is stolen, all your accounts will be made vulnerable. To create strong, hack-proof passwords without having the struggle of remembering them, use password managers, such as Kaspersky Password Manager