Kaspersky researchers reported the number of attacks via Banking Trojans stealing payment data, doubled in 2022 compared with 2021, reaching almost 20 million attacks. This year, in addition to this active campaign of banking credentials theft, cybercriminals did not stand still and developed new scam schemes. On Black Friday in particular, fraudsters used a new type of phishing scheme for the first time exploiting Buy Now Pay Later (BNPL) services. These are some of the findings from Kaspersky’s ‘How customers got scammed amid the Black Friday season in 2022’ report aimed at educating users on staying safe during the sales season.
Banking Trojans are widely used tools in the arsenal of cybercriminals profiting from the sales season. Once the user browses in an online store, the Trojan saves all the data the user enters into the website’s forms. This means cybercriminals get access to a credit or debit card number, expiration date and CVV, and the victim’s site login credentials. Having obtained this information, the attackers may use it to empty the user’s bank account, use their card details for purchases or sell the data in the Dark web stores.
After a rapid drop in the number of attacks with banking Trojans in 2021, cybercriminals returned to this type of threat with renewed strength. In 2022, the number of attacks doubled compared to the same time period in 2021. From January to November, Kaspersky products detected and prevented almost 20 million attacks, meaning that the overall growth in the number of detections is 92%.
The sales season inevitably attracts the attention of shoppers and retailers. However, it is also a favorite time for cybercriminals, who do not hesitate to cash in on online customers. Cybercriminals create juicy offers that are fake and expire quickly, so the user must hurry to get the goods for free or at the lowest price. This is where cybercriminals catch customers, who are hungry for freebies and don't look carefully at the site they are entering their data into: the phishing or the original one.
In 2022, Kaspersky experts also found numerous examples of phishing pages for the first time abusing BNPL services. These tools allow customers to split the cost of the purchase into several interest-free installments. Therefore, these services appeal to consumers, especially youngsters, and have proven to be particularly popular during shopping periods such as Black Friday.
An example of this scam is the misuse of a popular service named Afterpay (Clearpay in the U.K. and Italy), with 20 million active users across the world. Perpetrators set up a page mimicking the official website, tricking unsuspecting victims into entering their credit card numbers and CVVs into a fake form. After the user has entered their details, cybercriminals will try to steal as much money as possible from this card, emptying the victim's wallet.
“The shopping event of the year - Black Friday - is a hot time not only for sellers and their buyers, but also for scammers who want to steal as much money as possible from hurried customers. The new scheme exploiting Buy Now Pay Later (BNPL) services only proves that cybercriminals do not stop in their desire to attack victims and come up with new methods to do so. On ordinary days the customer can easily understand: if the product is too cheap, it's most likely a scam, but during the Black Friday sales period this fact isn’t so clear. Shoppers become less vigilant and are therefore an easy target for cybercriminals. That's why it's so important to pay attention to which site you buy from, be careful with unfamiliar companies and use a reliable security solution,” comments Olga Svistunova, security expert at Kaspersky.