The number of financial phishing attacks in the UAE is expected to rise during the Holiday season which starts unofficially on so-called White Friday and continues through Cyber Monday and the holiday season. Retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.
A peak season for sales is obviously also a peak hunting season for criminals. According to experts at Frost& Sullivan, the e-commerce business in the UAE is expected to be valued at Dh36.7 billion by 2018. Retailers offer lots of hard-to-resist deals and people plan on spending money on gifts for themselves, their friends and relatives. So, while e-commerce customers are making wishes for the upcoming sales, the retailers themselves are preparing their stores for a massive rise in the number of visitors, and financial infrastructure owners – banks and payment systems - are getting ready for a huge increase in the number and value of transactions; cybercriminals are preparing too. At least, that was the case in previous years.
As Kaspersky Lab threat statistics shows, in 2014 and 2015 the proportion of phishing pages that hunt financial data such ascredit cards details detected by the company during Q4 (which covers the holiday period) was around 9 %higher than the average for the year. In particular, the result for financial phishing in all of 2014 was 28.73%, while the result for Q4 was 38.49%. In 2015, 34.33% of all phishing attacks was financial phishing, while in Q4, that type of phishing was responsible for 43.38% of all attacks.
Holidays influence the type of financial targets that criminals are after. Both in 2014 and 2015 Kaspersky Lab researchers witnessed a significant increase in phishing attacks against payment systems and online stores. Attacks against banks also grew, but at a lower rate.
When trying to steal payment data, criminals use different schemes: they may create a fake payment page of a famous payment system, or they copy legitimate online retailer sites or even create 100% fake shops with incredibly attractive offerings.
And of course, criminals exploit the international Black Friday theme itself. While doing research into the threat landscape, in October 2016, Kaspersky Lab researchers spotted a Black-Friday themed phony internet shop offering products at attractive prices; which means that weeks before the actual start of the holiday sales, the criminals are already started preparing.
“In 2014, we conducted some research into how the phishing threat landscape behaves itself in the holiday period, and discovered that the number of attacks against particular targets – payment systems and famous retail networks - increased during the online sales season. In 2015, the situation repeated itself and this makes us think that in 2016 it will happen again. So we urge users to be as cautious as possible when shopping online this season,” said Andrey Kostin, senior web content analyst at Kaspersky Lab.
In order to avoid becoming a victim of holiday phishing scams during the upcoming White Friday, Cyber Monday and the holiday season, Kaspersky Lab experts advises the following measures:
Phishing is one of the most widespread cyberthreats that users may encounter during holidays, but it is not the only one. Read more about other types of threats to customers, retailers and banks that are likely to emerge in the coming holiday period in Kaspersky Lab Holiday cyberthreats Review on Securelist.
Read more about what can businesses do in order to protect themselves from cyberthreats during holiday season on Kaspersky Business Blog.