The annual Black Friday/Cyber Monday sales offer incredible opportunities, but they are also peak days for financial phishing attacks – and consumers are significantly safer on ‘Grey Saturday.’
The annual Black Friday/Cyber Monday sales offer incredible opportunities, but they are also peak days for financial phishing attacks – and consumers are significantly safer on ‘Grey Saturday’, when the number of such attacks drops by up to a third despite it being a top shopping day. Grey Saturday was identified during Kaspersky Lab’s annual review of new financial phishing attacks detected during the holiday sales season.
Kaspersky Lab’s review found signs of Grey Saturday attack dips in both 2016 and 2015. In 2016 there was a decline of 33 per cent in the number of attacks using popular online retail and payment brands (from around 770,000 to 510,000 detections), despite it being the second biggest shopping day in some countries, such as the U.S.
The change in the number of phishing attacks using names of popular retail, banking and payment brands during Black Friday week in 2015 and 2016 (data from all Kaspersky Lab security components – heuristic, offline and cloud detections)
It represents a rare moment of respite from the cybercriminals in an ever busier holiday shopping season that now runs from October through December. Traditionally distributed by email, phishing attacks now also lure consumers through weblinks, banners, social media and more, persuading them to part with their personal financial data in the belief they are dealing with a reputable, known brand.
“The rise in people using online payments, banking and shopping means that financial phishing attacks are now consistently high all year round, but the holiday season makes it so much easier to hide in the noise. At this time of year, marketing and advertising levels go through the roof, and with consumers increasingly making their transactions on mobiles – probably while out and about and in a hurry – almost everyone is more exposed and has less time to think and check. On Grey Saturday the number of attacks drop significantly. Weekends generally see lower numbers of attacks and fewer people online – but on this big shopping day that’s an extra advantage. We expect this trend from 2016 to continue in 2017, so if you plan on shopping online these holidays, choose the day wisely,” said Nadezhda Demidova, Lead Web-Content Analyst, Kaspersky Lab.
Other findings of the report include:
- Following a decline in 2015, financial phishing abusing online payment systems, banks and retailers increased again in 2016.
- Financial phishing now accounts for half (49.77 per cent) of all phishing attacks, up from 34.33 per cent in 2015.
- Mobile-first consumers are likely to be a key driver behind the rise in financial phishing: the use of smartphones for online banking, payment and shopping has doubled in the last year according to the 2017 Kaspersky Cybersecurity Index.
- Financial phishers are exploiting the Black Friday name in their attacks, as well as consumer awareness of, and concerns about online security – disguising their attack messages as security alerts, implications that the user has been hacked, or adding reassuring-sounding security messages.
In order to stay protected while shopping online – on any day – Kaspersky Lab offers the following advice:
- Do not click on any links received from unknown sources or on any links that look suspicious.
- Do not use insecure public Wi-Fi networks to make online payments, as hotspots can easily be hacked in order to listen to user traffic and steal confidential information.
- Do not enter your credit card details on unfamiliar or suspicious sites and always double-check the webpage is genuine before entering any personal information (at least take a look at the URL). Fake websites may look just like the real ones.
- Only use sites which run with a secure connection - the address of the site should begin with HTTPS://.
- The more information is being asked for, the more cautious you should be: ask yourself if they really need all the information they demand.
- Remember that banks and payment companies will never ask you to enter all your credentials. If in doubt, call them.
- Install a security solution on your device with built-in technologies designed to prevent financial fraud. For example, Safe Money technology in Kaspersky Lab’s solutions creates a secure environment for financial transactions on all levels.
Kaspersky Lab’s holiday season financial phishing overview is based on information gathered by Kaspersky Lab’s heuristic anti-phishing component that activates every time a user tries to open a phishing link that has not yet been added to Kaspersky Lab’s database.
To learn more about the latest holiday season phishing trends and examples, please see the Beyond Black Friday Kaspersky Lab Threat Report on Securelist.