Financial phishing attacks are expected to rise during the Christmas holiday shopping season, which starts unofficially on so-called Black Friday, and continues through Cyber Monday and Christmas. Retrospective research by and IT security company suggests that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.
A peak season for sales is obviously also a peak hunting season for criminals, according to Kaspersky Lab. In fact, some £5 billion of transactions are predicted over that period – five times higher than 2015. Retailers offer lots of hard-to-resist deals as people plan on spending money on gifts for family, friends and themselves. Therefore, while e-commerce customers are making wishes for the upcoming sales, retailers are preparing their stores for a massive rise in the number of visitors. Financial infrastructure owners – banks and payment systems — are similarly getting ready for a huge increase in the number and value of transactions. However, cybercriminals are preparing too, as suggested in research from previous years.
As the Lab’s threat statistics shows, in 2014 and 2015 the proportion of phishing pages that hunt financial data (credit cards details) detected by the company during Q4 (which covers the holiday period) was around nine per cent higher than the average for the year. In particular, the result for financial phishing in all of 2014 was 28.73 per cent, while the result for Q4 was 38.49 per cent. In 2015, 34.33 per cent of all phishing attacks were financial phishing, while in Q4, that type of phishing was responsible for 43.38 per cent of all attacks.
Holidays influence the type of financial targets that criminal’s target. Both in 2014 and 2015, Kaspersky Lab researchers witnessed a significant (several per cent) increase in phishing attacks against payment systems and online stores. Attacks against banks also grew, but at a lower rate.
When trying to steal payment data, criminals use different schemes. For example, they may create a fake payment page of a known payment system, copy legitimate online retailer sites, or even create legitimate looking fake shops with incredibly attractive offerings.
Andrey Kostin, senior web content analyst at Kaspersky Lab, said: “In 2014, we conducted research into how the phishing threat landscape behaves in the holiday period. We discovered that the number of attacks against particular targets – payment systems and famous retail networks — increased during the Black Friday and Cyber Monday period. In 2015, the situation repeated itself, and this makes us think that in 2016 it will happen again. We urge users to be as cautious as possible when shopping online this season.”
