SECURITY
Retail cyberthreats spike 25% ahead of Black Friday
In 2024, cybercriminals launched over 38 million phishing attacks, impersonating leading marketplaces, banks, and tech retailers. Stolen payment card information continues to fuel dark web activity, with prices for card data ranging between $70 and $315 per set.
Kaspersky, a global cybersecurity leader, has been closely tracking the rise in shopping-related cyberthreats. As consumers eagerly hunt for deals during major sales events like Black Friday, cybercriminals ramp up their efforts to exploit this heightened demand. Their tactics include stealing personal data, draining funds, and deploying malware via fraudulent shopping schemes.
Between January and November 2024, Kaspersky’s security solutions blocked 38,473,274 phishing attacks targeting online shoppers, payment platforms, and banking systems. Notably, 44% of these attacks used fake banking services as bait - a sharp increase of nearly 25% compared to the 30,803,840 phishing attempts recorded during the same period last year.
Kaspersky’s findings highlight the growing sophistication and volume of threats tied to retail and online transactions, underscoring the need for vigilance as Black Friday approaches.
Scammers frequently impersonate major retailers like Amazon, Walmart, and Etsy, sending deceptive emails claiming to offer exclusive discounts. These emails link to fake websites designed to mimic legitimate ones, often with subtle errors like misspellings or slightly altered domain names. Victims attempting to shop on these sites typically lose money.
Another widespread scam exploits consumers’ desire to win prizes. Fraudsters send messages promoting limited-time surveys with prize draws, offering valuable rewards like a free iPhone 14. To create urgency, they claim only a few “chosen” users can access the deal, pressuring recipients to act quickly. Scammers offer a “reward” for sharing some “basic info,” such as an email address, and spending some money on a fake site.
Kaspersky experts have traced the pathways of fraudulent activity, revealing that stolen data is either exploited directly by scammers or sold on dark web marketplaces. The value of the data determines its price. For instance, comprehensive sets of stolen credit card details, known as “fullz,” typically include the card number, expiration date, CVV code, cardholder’s name, billing address, and phone number.
“This year, dark web markets mirror the pricing strategies and marketing tactics of legitimate online retailers. Some even offer Black Friday-style promotions, such as discounts and bundled deals, similar to seasonal sales found on mainstream websites,” comments Marc Rivero, lead security researcher at Kaspersky’s Global Research and Analysis Team.
Within this campaign, a seller was offering a 10% discount on stolen credit card details from countries like Canada, Australia, Italy, and Spain – with pricing between $70 and $315 for a card depending on the card’s quality and the region it was from.
Republished with permission from IT News Africa