The Black Friday Heist: Financial Phishing Increases During the Holiday Season

WOBURN, Mass.–(BUSINESS WIRE)–The number of financial phishing attacks is
expected to rise during the Holiday shopping season which starts
unofficially on Black Friday. Retrospective research by Kaspersky
Lab specialists shows that, over the last few years, the holiday
period was marked by an increase in phishing and other types of attacks,
which suggests that the pattern will be repeated this year.

As previous years have shown, a peak season for sales can also be a peak
hunting season for criminals. While e-commerce customers are
anticipating big sales, retailers are preparing for increases in store
visitors, and financial infrastructures are getting ready for a huge
increase in transactions; cybercriminals are preparing too.

As Kaspersky Lab threat statistics show, in 2014 and 2015 the proportion
of phishing pages that hunt financial data (credit cards details)
detected by the company during Q4 (which covers the holiday period) was
around nine percentage points higher than the average for the other
portion of the year. In particular, the result for financial phishing in
all of 2014 was 28.73 percent, while the result for Q4 was 38.49
percent. In 2015, 34.33 percent of all phishing attacks was financial
phishing, while in Q4, that type of phishing was responsible for 43.38
percent of all attacks.

In addition, the holidays influence the type of financial targets that
criminals are after and the types of schemes they implement. Both in
2014 and 2015 Kaspersky Lab researchers witnessed a significant (several
percentage points) increase in phishing attacks against payment systems
and online stores. Attacks against banks also grew, but at a lower rate.

When trying to steal payment data, criminals may create a fake payment
page of a famous payment system, copy legitimate online retailer
websites or even create completely fake shops with incredibly attractive
offerings. Cyber criminals also tend to exploit the Black Friday theme
itself. While doing research into the threat landscape, in October 2016,
Kaspersky Lab researchers spotted a Black-Friday themed phony internet
shop offering products at attractive prices.

“In 2014, we conducted some research into how the phishing threat
landscape behaves itself in the holiday period, and discovered that the
number of attacks against particular targets – payment systems and
famous retail networks – increased during the Black Friday and Cyber
Monday period,” said Andrey Kostin, senior web content analyst at
Kaspersky Lab. “In 2015, the situation repeated itself and this makes us
think that in 2016 it will happen again. So we urge users to be as
cautious as possible when shopping online this season.”

In order to avoid becoming a victim of holiday phishing scams during the
upcoming Black Friday, Cyber Monday and holiday timeframe, Kaspersky Lab
experts advises the following measures:

• Do not click on any links received from unknown people or on
  suspicious links sent by your friends on social networking sites or
  via e-mail. They can be malicious; created to download malware to your
  device or to lead to phishing webpages aimed at harvesting user
  credentials.
• Do not enter your credit card details on unfamiliar or suspicious
  sites, to avoid passing them into cybercriminals’ hands. If these
  websites are offering advantageous deals that look too good to be
  true, they most likely belong to criminals.
• Always double-check the webpage is genuine before entering any of your
  credentials or confidential information (at least take a look at the
  URL). Fake websites may look just like the real ones.
• Install a security solution on your device, with built-in technologies
  designed to prevent financial fraud. For example, Safe Money
  technology in Kaspersky Lab’s solutions creates a secure environment
  for financial transactions on all levels.

More tips can also be found in the infographic, “8 tips to rule your
cyber shopping,” linked
here.

Phishing is one of the most widespread cyberthreats that users may
encounter during holidays, but it is not the only one. Read more about
other types of threats to customers, retailers and banks that are likely
to emerge in the coming holiday period in Kaspersky Lab Holiday
cyberthreats Review on
Securelist.

Read more about measures that customers can implement in order to
protect themselves, on Kaspersky
Daily blog.

Read more about what can businesses do in order to protect themselves
from cyberthreats during holiday season on Kaspersky
Business Blog.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997.
Kaspersky Lab’s deep threat intelligence and security expertise is
constantly transforming into security solutions and services to protect
businesses, critical infrastructure, governments and consumers around
the globe. The company’s comprehensive security portfolio includes
leading endpoint protection and a number of specialized security
solutions and services to fight sophisticated and evolving digital
threats. Over 400 million users are protected by Kaspersky Lab
technologies and we help 270,000 corporate clients protect what matters
most to them. Learn more at www.kaspersky.com.

Securelist
| Information about Viruses, Hackers and Spam
Follow @Securelist on
Twitter

Threatpost
| The First Stop for Security News
Follow @Threatpost on
Twitter

Contacts

Kaspersky Lab
Sarah Kitsos, 781-503-2615
sarah.kitsos@kaspersky.com
or
Denise
Bertrand, 781-503-1836
denise.bertrand@kaspersky.com