While Black Friday is arguably the most anticipated retail sales period in the world, cyber-fraudsters also consider this period fruitful, to lure people into fraudulent schemes and steal their money.
As cybercriminals are targeting customers of apparel e-commerce websites, including fashion, shoes, gifts, toys and jewellery. To understand the extent of fraudsters' activity, Kaspersky researchers analyzed Black Friday threats, including the activities of botnets that distribute banking Trojans - malware aimed at stealing users' credentials and financial data.
Consumer goods, such as clothing stores, jewellery and toys - appear to be the key focus of financial botnets operators this season, with 28 websites from this category part of the malware families. Users of e-commerce brands dealing with the travel industry, such as transportation tickets retailers, taxi services and hotels are also in the list of top sites targeted, with 15 popular websites.
Kaspersky tracks the activity of multiple botnets and is able to learn when a particular one is being changed and new abilities added.
Last year the situation was different: the total number of targeted brands was lower at just 67, while the top of the most 'hunted' brands was led by consumer apparel, entertainment and consumer electronics websites. This year, only two websites from the latter category were identified as targeted by one of 15 malicious families.
On the growing cybercriminal activities, the security researcher at Kaspersky, Oleg Kupreev, said, "The growing interest of cybercriminals in getting users credentials of e-commerce brands is easy to understand. And even if there is no direct financial gain, personal user accounts contain a lot of valuable information that could be used to further target users, such as purchase history or personal information related to a delivery address etc.
Kupreev goes on to add, "Such information is highly valued on the underground market and will inevitably find a buyer. However, the good news for consumers is that through simple precautionary measures and remaining vigilant, they can stay safe. We wish everyone a pleasant shopping experience this Black Friday and during the festive season."
To stay safe during the Black Friday period, Kaspersky recommends shoppers:
- Avoid purchasing from websites that appear suspicious or flawed, no matter how great their Black Friday deals are
- Don't click on unfamiliar links you receive in emails or social media messages, even from people you know, unless you were expecting the message
- Double-check the email address of the sender. If it is not the official brand's website domain, do not click on the link
- Chose payment processing services that use multifactor authorization of purchases, if available
- Use a dedicated security solution on your device, with built-in features to create a secure environment for all financial transactions and prevent fraud, such as Kaspersky Security Cloud and Kaspersky Internet Security.