Financial attacks to increase from Black Friday

Read time 4min 10sec
A peak season for sales is also a peak hunting season for criminals, says Kaspersky Lab's Andrey Kostin.
A peak season for sales is also a peak hunting season for criminals, says Kaspersky Lab's Andrey Kostin.

The number of financial phishing attacks is expected to rise during the holiday season which unofficially starts on Black Friday and continues through Cyber Monday and Christmas.

This is according to research conducted by Kaspersky Lab which shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.

The report reveals that in 2014 and 2015 the proportion of phishing pages that hunt financial data (credit cards details) detected by Kaspersky Lab during Q4 - which covers the holiday period, was around 9 percentage points higher than the average for the entire year.

"In 2014, we conducted some research into how the phishing threat landscape behaves itself in the holiday period, and discovered that the number of attacks against particular targets - payment systems and famous retail networks - increased during the Black Friday and Cyber Monday period. In 2015, the situation repeated itself and this makes us think that in 2016 it will happen again. So we urge users to be as cautious as possible when shopping online this season," says Andrey Kostin, senior Web content analyst at Kaspersky Lab.

In particular, the result for financial phishing in all of 2014 was 28.73%, while the result for Q4 was 38.49%. In 2015, 34.33% of all phishing attacks were financial phishing, while in Q4, financial phishing was responsible for 43.38% of all attacks, adds the report.

"A peak season for sales is obviously also a peak hunting season for criminals: retailers offer lots of hard-to-resist deals and people plan on spending money on gifts for themselves, their friends and relatives. So, while e-commerce customers are making wishes for the upcoming sales, the retailers themselves are preparing their stores for a massive rise in the number of visitors, and financial infrastructure owners - banks and payment systems - are getting ready for a huge increase in the number and value of transactions; cybercriminals are preparing too," notes Kostin.

Criminals exploit the Black Friday theme itself, he adds. While doing research into the threat landscape in October 2016, Kaspersky Lab researchers spotted a Black-Friday themed phony Internet shop offering products at attractive prices. This means that weeks before the actual start of the holiday sales, the criminals are already preparing, Kostin elaborates.

Holidays influence the type of financial targets that criminals are after. Both in 2014 and 2015 Kaspersky Lab researchers witnessed a significant increase in phishing attacks against payment systems and online stores. Attacks against banks also grew, but at a lower rate, reveals the research.

A Juniper Research titled: "Online Payment Fraud: Key Vertical Strategies & Management 2016-2020", found e-retail tops the list of online fraud with 65% of overall incidents estimated to reach $16.6 billion by 2020. Second on the list was online banking fraud, making up 27% of cases globally, which is valued at $6.9 billion. Airline ticketing fraud ranked in at third place with 6% of incidents making up $1.5 billion.

Juniper forecasts an increase in online fraud as fraudsters turn their attention to online sales. Online retail fraud in the US alone is expected to rise by 106% over the next three years, adds the report.

According to South African Banking Risk Information Centre (SABRIC), as more business transactions such as paying bills, shopping and trading move online, consumers have unfortunately also become more susceptible to online crimes.

"Online banking fraud increased as a result of the high level of phishing and malware attacks targeting banking customers. It is with this in mind that the industry is currently embarking on a national campaign to encourage bank customers to take great care of their cyber security," says Kalyani Pillay, CEO of SABRIC.

According to PandaLabs, point of sale (POS) attacks have increased and become more widespread due to the high price that credit card details collected from these devices fetch on the black market.

"POS malware sample, Punkey POS was presented in Q2, infecting over 200 POS terminals in restaurants across the US alone, as well as infecting numerous terminals internationally.

"Constantly in search of a bigger prize, hackers have now taken to directly targeting banks, successfully transferring funds from the banks using specially developed malware," says the research company.

Login with