More than 30 million phishing attacks were launched against online stores, payment systems, and banks during the first 10 months of 2023, according to the latest report from Kaspersky Labs, a Moscow-based cybersecurity and antivirus provider operated by a holding company in the United Kingdom.
E-commerce platforms bore the brunt of those attacks as they were used as a lure to dupe consumers into making purchases from phony merchant Web sites for products they will never receive. More than 13 million such scams, or more than 43% of the total phishing attacks seen through October of this year, used e-commerce shopping platforms as their lure. Web pages mimicking shopping platforms such as Amazon, eBay, Walmart, AliExpress, and Mercado Libre), totaled 6.2 million in the first ten months of 2023.
Apple was the most popular brand used as a lure, with the tech giant’s name appearing in more than 2.8 million phishing scams through from January through October.
Kaspersky used data from its Kaspersky Security Network, which processes anonymized cyberthreat data voluntarily shared by Kaspersky users, to track the phishing trends. Data for the report were gathered from January through October of this year.
Patterns associated with the scams include consistent use of similar Web-site templates, often repetitively, and the utilization of generic and often suspicious domains, such as “.top”.
One frequently used scam is an offer to acquire an €800 gift card ($875.89) for €1.95 ($2.13). Consumers were prompted to provide their contact and payment information to take advantage of the offer.
The report also notes that since October there has been a threefold increase in the number of Web domains using the words “Black Friday”. “Websites hosted in these domains are either nonexistent stores or convincing replicas of real online stores,” the report says. “Copycat sites using lookalike domains are also actively employed by the fraudsters. To exploit the Black Friday fever, they advertise products at remarkably low prices, leading users to unwittingly lose money by making what they think is a legitimate purchase.”
In addition, some 92,259 spam emails containing the keywords “Black Friday” were detected during the first two weeks of November, the report says.
“Online shopping, particularly during peak events like Black Friday, is a prime target for deceptive schemes,” Olga Svistunova, a security expert at Kaspersky, says in a statement. “Fraudsters intensify their activities, capitalizing on the surge in online traffic and shoppers’ desire for deals. It’s crucial to be discerning and adopt secure online practices, protecting yourself against potential threats while enjoying the benefits of the digital marketplace.”