According to Kaspersky, a global cybersecurity and digital privacy company, there has been a sharp increase in the number of attacks on banking Trojans in 2022.
Between January and October, there have been 20 million attacks.
“The shopping event of the year commonly known as Black Friday is a hot time not only for sellers and their buyers but also for scammers who want to steal as much money as possible from hurried customers,” says Olga Svistunova, a security expert at Kaspersky.
He says cybercriminals are now exploiting buy-now-pay-later service to convince customers to make their orders.
“The new scheme exploiting buy-now-pay-later services only proves that cybercriminals do not stop in their desire to attack victims and come up with new methods to do so. On ordinary days the customer can easily understand: if the product is too cheap, it’s most likely a scam, but during the Black Friday sales period this fact isn’t so clear. Shoppers become less vigilant and are therefore an easy target for cybercriminals. That’s why it’s so important to pay attention to which site you buy from, be careful with unfamiliar companies and use a reliable security solution,” says Svistunova.
Threat actors implement innovative techniques to fool users meant to intercept payments, steal credit card data and phish for sensitive information.
How cybercriminals target you
Cybercriminals may use fake and malicious web pages and mobile apps related to holiday shopping sales often leveraging the branding of top e-commerce brands illegally.
All these are meant to fool users into entering credit card information, opening them up to potential financial fraud.
Some fake apps contain adware and ad-clickers, or malware that steals personal information or locks the device until the user pays a ransom.
Fake apps may also encourage you to log in using your Facebook or Gmail credentials, exposing sensitive personal information.
Malicious web pages often hide in plain sight, using brand names in malicious subdomains or commonly misspelt versions of those names to fool you into visiting pages that phish your information.
Therefore, it is crucial to pay attention to detail while shopping online and be aware of your surroundings.
The following are some precautions you can apply while shopping online this holiday season.
Shop with reputable retailers
As you make your order online this festive season, ensure that you shop with reputable retailers. Avoid visiting online sites that you have little or no information about. Bookmark your favourite sites to get there quickly.
Completely avoid typing the name of the shopping site in the URL bar because you might end up on a counterfeit site.
Avoid offers that look too lucrative to be true.
Most people are aware of the offers by various reputable online shopping sites.
Some counterfeit or fake shopping sites might offer discounts that look so lucrative. Such discounts are meant to confuse and make you fall into the trap.
Always remember that if an offer looks too good to be true, then it probably is.
Avoid free Wi-Fi
If you’re making your online order, avoid using public Wi-Fi. This is because you might encounter a man-in-the-middle attacker. Cybercriminals might also send malware that spies on your credentials.
Avoid clicking strange apps
Say no to strange apps. Scammers use mobile apps (and games) to hide malware that steals your personal information. Do not download apps unless they are from a reputable source.
Credit Cards
Credit – never debit – for online shopping. In case of fraud or a data breach, debit cards do not have the same consumer protections as credit cards.
Credit cards don’t give a seller direct access to the cash in your bank account – debit cards do. If you rely on your debit card, you could end up without that money for an extended period in the event of fraud.
Review your bank statements
Always ensure that you review your bank statements. Your bank and credit card statements should be frequently reviewed for unusual transactions.
Use strong passwords
A strong password is one that's easy for you to remember but difficult for others to guess.
Having strong and unique passwords is key to protecting yourself online.
To secure your account, you should use a password manager. It will generate and remember different, complex passwords for each of your accounts.
It will also protect you from logging into a fake site masquerading as a legitimate one.
You can also use multi-factor authentication for every site that offers it to further protect your accounts.
