Holiday Season is Primetime for Phishing

The number of financial phishing attacks is expected to rise during the holiday season which starts unofficially on Black Friday and continues through Christmas.

Kaspersky Lab data  shows that over the last few years the holiday period has had an increase in phishing and other types of attacks, which will likely recur this year.

Upticks in sales foreshadow upticks in in cybercriminal activities.

According to Kapersky, in 2014 and 2015, the proportion of phishing pages that hunt financial data (credit cards details) detected by the company during Q4 (which covers the holiday period) was around 9 percentage points higher than the average for the year.  Specifically, the result for financial phishing in all of 2014 was 28.73%, while Q4 was 38.49%. In 2015, 34.33% of all phishing attacks was financial phishing, while in Q4, that type of phishing was responsible for 43.38% of all attacks.

Holidays influence the type of financial targets that criminals pursue.  Payment systems, online stores and banks are prime targets.

So what methods are the criminals using?

  • Fake payment pages for a well known payment system
  • Fake websites that mirror legitimate online retailers, yet offering very attractive savings
  • Phony Black Friday themed shops offering attractive prices (which means weeks before the start of holiday shopping, criminals are already in gear)

Don’t be a victim

 “We urge users to be as cautious as possible when shopping online this season,” says Andrey Kostin, senior Web content analyst at Kaspersky Lab.

· Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious; created to download malware to your device or to lead to phishing webpages aimed at harvesting user credentials. One of the easiest ways is to look carefully at the sender email address.  And, use common sense.  If the sender isn’t someone who normally emails ideas and thoughts to you, it is likely fake.

· Do not enter your credit card details on unfamiliar or suspicious sites.  If these websites are offering advantageous deals that look too good to be true, they most likely belong to criminals.

· Always double-check the webpage is genuine before entering any of your credentials or confidential information (at least take a look at the URL). Fake websites may look just like the real ones.

· Install a security solution on your device, with built-in technologies designed to prevent financial fraud. For example, Safe Money technology in Kaspersky Lab’s solutions creates a secure environment for financial transactions on all levels.

· Use blind payment sites like PayPal or Stripe, but be sure to double check the website address.  Stripe phishing is particularly rampant of late, so look at the email address carefully. It will be clear if it is phony.

· Notify any bank, payment system or retailer of the phony email or site.  You can usually send the issue to a support@organization name.  A copy of the email or a picture of the website page will help.

 

 

Adapted from an article by itonline.com | Photo: Pixabay images