Gadget

Financial phishing booms

The last quarter of the year is a fruitful time for cybercriminals, who prey on users rushing to get a good deal ahead of the holidays. Black Friday, Cyber Monday and the pre-Christmas shopping rush see growth not just in sales, but also in malicious activity.

Kaspersky researchers detected a 9.5% growth in financial phishing alone in the last quarter of 2019, with spam and scam activity also growing in numbers and variety. Ironically, the news comes as the world marks Safer Internet Day on 11 February.

With the holiday season over, analysis of the threat landscape during the period provides better understanding of changes in fraudulent activities. In 2019, the share of financial phishing continued to grow, surpassing over half (52.61%) of all phishing attempts in Q4.

Financial phishing dynamics in 2019

2019Q3Q4
Financial phishing total43.19%52.61%
E-shop5.52%8.89%
E-banks22.46%29.73%
E-payments15.21%14.00%

Phishing remains an effective way of luring users into handing over their personal data and credit card credentials to cybercriminals. Popular brands are most often used as bait. One of the examples discovered by Kaspersky was a fake Amazon page, offering users Christmas promotions so criminals could steal their Amazon Prime credentials.

An example of the Amazon phishing page

Such scams often prove effective. The analysis of phishing activity using the eBay and Alibaba brand-names as bait showed significant growth just before big shopping holidays. Just a few days before Black Friday sales, the number of users trying to access eBay phishing pages grew four-fold, reaching over 8,000 attempts daily. These high levels of visits were retained until mid-December, with an additional peak a week before Christmas. A similar pattern was seen with phishing versions of the Alibaba website.

The number of blocked attempts to visit phishing versions of eBay (right) and Alibaba (left) by Kaspersky users

Spam emails also showed slight growth in the holiday season, but a significant diversification in topics. Criminal schemes varied from promises of Christmas donations, to scams with attempts to steal cryptocurrency, or malicious emails sent to organisations as fake urgent Christmas orders.

Spam dynamics in 2019

Such holiday-related scams and spam emails are not exclusive to the Christmas season alone. Users in South East Asia also received typical ‘gift offers’, but instead tied to Lunar New Year.

“The holiday season is a time for impulse purchases and rash decisions. Pressure to get a good deal or buy presents can mean that users are distracted, making it easier for cybercriminals to take advantage of them. The hope of securing an amazing gift at a fantastic price, especially at this time of year, is a hard one to break. Criminals capitalise on that hope all year long, with the end of the year an especially fruitful time for them. Of course, this does not mean that anyone should abstain from shopping ahead of the holidays – users just need to pay extra attention to their credit card payments. It is possible that a subscription or a delayed charge for a present for friends or family could turn out to be fraudulent, as criminals often do not use stolen data straight away” – comments Tatyana Sidorina, security analyst.


An example scam offer for a Samsung smartphone allegedly sent as a gift for Chinese New Year

Read the full holiday season spam and phishing report on Securelist.com.

To stay safe from spam and phishing, follow this simple advice:

Exit mobile version