Kaspersky researchers reported that the number of attacks via Banking Trojans that steal payment data doubled from 2021 to nearly 20 million in 2022.
In addition to this active campaign for banking credential theft this year, cybercriminals have also developed new fraud schemes, according to Kaspersky statement. Among them is a type of phishing that was used for the first time on Black Friday and that makes use of Buy Now Pay Later (BNPL) services.
All this and more is explained in Kaspersky’s “How customers were scammed in the 2022 Black Friday season” report, which aims to keep users safe during the November sale season.
Accordingly, Banking Trojans are known to be widely used tools in the arsenal of cybercriminals who take advantage of the sales season, while when the user browses an online store, the Trojan records all the data that the user enters into the forms on the website.
This means that cybercriminals can access the credit card or bank account number, expiration date, CVV and the victim’s login credentials on the site. By obtaining this information, attackers can use it to empty the user’s bank account, make purchases with card information, or sell data in Dark Web stores.
They create attractive fake offers
According to the information provided, after the rapid decline in the number of attacks with banking Trojans in 2021, cybercriminals are back again and stronger.
The number of attacks in 2022 has doubled compared to the same time frame in 2021. Kaspersky products detected and prevented nearly 20 million attacks from January to October. This means that the overall increase in the number of detections is 92 percent.
Sale season attracts shoppers and retailers. This period is also a favorite of cybercriminals who do not hesitate to trap online shoppers.
Cybercriminals create compelling fake offers that seem to expire quickly. In this scenario, the user has to rush to get the products sold for free or at a reduced price. This is where cybercriminals catch customers who are fond of free products and don’t pay attention to the site they enter their data on.
“Black Friday is an ideal time for scammers”
In 2022, Kaspersky experts found numerous examples of phishing pages abusing BNPL services for the first time. These tools allow customers to divide their payments into interest-free installments. For this reason, these services, which are attractive to consumers, especially young people, become more popular especially during shopping periods such as Black Friday.
Kaspersky Security Specialist Olga Svistunova, whose views were included in the statement, gave the following information:
“Black Friday, the shopping and discount event of the year, is an ideal time not only for sellers and buyers, but also for scammers who want to steal as much money as possible from hasty customers. New scams using Buy Now Pay Later (BNPL) services allow cybercriminals to only It proves that they are not satisfied with the desire to attack the victims, they have found new ways to do it, which in normal times the customer can easily understand.
If the product is sold very cheaply, it is most likely a fraudulent attempt. However, the situation is not so clear during the Black Friday sales period. Shoppers pay less attention to such issues in anticipation of big discounts and become an easy target for cybercriminals. For this reason, it is very important to pay attention to which site you shop from, to be wary of companies you do not know, and to use a reliable security solution.”
“Do not trust any links or attachments received via email”
The statement made the following caveats to enjoy the best deals Black Friday has to offer this year:
“Protect all devices you use for online shopping with a reliable security solution. Do not trust any links or attachments received by email, double-check the sender before opening any link. Check the store website again before filling in any information. Is the address correct? Are there any typos or site design errors? To protect your data and money, make sure the checkout page is secure and has a padlock icon next to the URL. If you want to buy something from an unknown company, check their reviews before you decide.
Although you take as much precaution as possible, you probably won’t realize something is wrong until you see your bank or credit card statement. So if you still receive printed statements, don’t wait for them to arrive in your mailbox. Sign in to your bank online to see if all payments appear legitimate. If anything is suspicious, contact your bank or credit card company immediately to correct it.”
