Shoppers around the world face an unprecedented number of phishing attacks this holiday season, according to Andrey Kostin at Kaspersky Lab. With Single’s Day in China on November 11th, Black Friday on the 23rd, and Christmas and the New Year coming up within weeks, November and December are prime phishing season for attackers.
Financial phishing made up 54% of all phishing attacks in 2017, and that number is certain to be even higher this year. Kaspersky Lab has found that in recent years the volume of financial phishing attacks has spiked by 10% during the holiday season.
In the run-up to Single’s Day and Black Friday this year, Kaspersky Lab observed a multitude of phishing sites imitating Walmart, Amazon, Alibaba, Netflix, and many others. In advance of the holidays, attackers send out mass emails promoting discounts and deals with links that lead to these sites. Kostin says that these phishing sites are carefully crafted with social engineering techniques to trick and distract victims.
“Cybercriminals tend to use a similar formula on phishing attacks,” he says. “Lucrative offers are first used as bait. But before the users can access the deal, they are instructed to fill out a form that asks for all their personal details. Address, phone number, etc. Once the form is completed, users are prompted to forward the link to their friends. Needless to say, the user never gets the deal: The victim is simply transferred from site to site, with countless pointless surveys.”
In order to defend against these attacks, people have to be wary and observant while shopping online. And it would be careless to dismiss the risk to organizations. Where consumers can be gulled, so can employees. Employees everywhere can benefit from interactive security awareness training that will teach them how to recognize social engineering techniques and verify the authenticity of websites.
Kaspersky Lab has the story: https://www.kaspersky.co.za/blog/black-friday-phishing-2018/21520/