Black Friday is approaching, and cybercriminals are honing their malware droppers, phishing lures, and fake sites while shoppers prepare to open their wallets.
As researchers at Kaspersky point out, scammers are already targeting people with fake tickets for the FIFA World Cup 2022.
The security firm shared a detailed report highlighting the most common threats expected to surface during this year’s Black Friday, as well as the Christmas shopping season.
Kaspersky’s products alone detected over 40 million phishing attacks from January to October 2021, with Amazon, eBay, Alibaba, and Mercado Libre being the most popular lures.
As such, if you receive emails concerning promotions and discounts on large e-commerce platforms, you should treat them with extra caution.
In terms of trends, phishing actors doubled their effort to steal account credentials for e-payment systems (also known as online payment systems), with October 2021 seeing a rise of 208% compared to the month before.
While banking credentials are still targeted, phishing actors tend to favor e-payment systems more now, as those have risen in popularity by 40% during the last two years.
Kaspersky has found that cybercriminals used 11 distinct malware families against shoppers in 2021, with more than half of them being variants of the Zeus banking trojan.
The list of other popular strains used in 2021 malware attacks also includes Qbot (deployed in 13.9% of the total number of incidents), Anubis (13.4%), Trickbot (11.6%), and Neurevt (4.8%).
An interesting trend emerging from Kaspersky’s stats is the number of infections, which has dropped from 20 million in the past two years to just 10 million this year.
This decline is in line with the shift of the threat actors’ attention to electronic payments. Most of these trojan families have a narrow targeting scope limited to specific financial institutions or platforms, so they require more effort to target a larger array of potential victims.
Malware deployed now is more specialized for e-commerce platforms, looking to steal e-shop account credentials, bank card numbers, CVVs, expiration dates, and phone numbers.
There are two categories of fake sites that can lead to problems for victims. The first one is phishing sites that steal credentials and the second one is scam sites that steal money.
In the first case, the lures typically come in the form of emails allegedly sent by high-profile online shops or popular e-commerce platforms, directing recipients to a fake login page.
The second case involves sites that have cloned real shops by copying their CSS and all content, or simply fake markets that take payments without sending anything to the buyer.
In some cases, these platforms do send an empty envelope to the victims, solely to provide a valid tracking number and delay the reports that would allow hosting providers or authorities to take them down faster.
This also reduces the chances of PayPal payment disputes blocking the funds from ending up in the scammers’ accounts and allowing victims to recover their money.
Remember, you will see many product discounts and sales promotions during the holidays. However, the chances of some of them being scams are higher than usual.
To protect yourself and your bank account, you should use an internet security solution from a trusted vendor and always double-check that you’re on a legitimate site before entering your payment info.
If you stumble upon an offer that seems too good to be true, it’s probably a scam, even in the context of Black Friday.
Finally, if you can use e-payments instead of credit cards, it would be preferable due to the less severe repercussions in the case of a data breach.
There are also one-time virtual cards with charging limits, so if you want to play it safe while shopping from less-known shops, there are ways to do it.
If you have to pay with your bank account or card, verify that the right amount has been charged and monitor all future transactions closely.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved