In 2024, cybercriminals launched over 38-million phishing attacks, impersonating major marketplaces, banks, and tech retailers. Stolen payment card data is actively traded on dark web forums, with prices ranging from $70 to $315 per set.
As shoppers prepare for major sales events like Black Friday in search of the best deals, Kaspersky’s researchers observe cybercriminals and fraudsters gearing up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures.
Between January and November 2024, Kaspersky solutions blocked 38 473 274 phishing attacks related to online shopping, payment systems, and banking institutions. Of these, 44% involved using banking services as bait – representing an increase of almost a quarter compared to the 30 803 840 phishing attempts recorded during the same period last year.
Scammers frequently impersonate major retailers like Amazon, Walmart, and Etsy, sending deceptive emails claiming to offer exclusive discounts. These emails link to fake websites designed to mimic legitimate ones, often with subtle errors like misspellings or slightly altered domain names. Victims attempting to shop on these sites typically lose money.
Another widespread scam exploits consumers’ desire to win prizes. Fraudsters send messages promoting limited-time surveys with prize draws, offering valuable rewards like a free iPhone 14. To create urgency, they claim only a few “chosen” users can access the deal, pressuring recipients to act quickly. Scammers offer a “reward” for sharing some “basic info,” such as an email address, and spending some money on a fake site.
Kaspersky experts have traced the pathways of fraudulent activity, revealing that stolen data is either exploited directly by scammers or sold on dark web marketplaces. The value of the data determines its price. For instance, comprehensive sets of stolen credit card details, known as “fullz,” typically include the card number, expiration date, CVV code, cardholder’s name, billing address, and phone number.