fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How Cybercriminals Adjusted Their Scams for Black Friday 2021

How Cybercriminals Adjusted Their Scams for Black Friday 2021

Black Friday is approaching, and cybercriminals are honing their malware droppers, phishing lures, and fake sites while shoppers prepare to open their wallets.

As researchers at Kaspersky point out, scammers are already targeting people with fake tickets for the FIFA World Cup 2022.

The security firm shared a detailed report highlighting the most common threats expected to surface during this year’s Black Friday, as well as the Christmas shopping season.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Phishing for data and e-payment accounts

Kaspersky’s products alone detected over 40 million phishing attacks from January to October 2021, with Amazon, eBay, Alibaba, and Mercado Libre being the most popular lures.

As such, if you receive emails concerning promotions and discounts on large e-commerce platforms, you should treat them with extra caution.

In terms of trends, phishing actors doubled their effort to steal account credentials for e-payment systems (also known as online payment systems), with October 2021 seeing a rise of 208% compared to the month before.

While banking credentials are still targeted, phishing actors tend to favor e-payment systems more now, as those have risen in popularity by 40% during the last two years.

Phishing types in 2021
Phishing targets in 2021
Source: Kaspersky

Banking trojans fading

Kaspersky has found that cybercriminals used 11 distinct malware families against shoppers in 2021, with more than half of them being variants of Zeus banking trojan.

The list of other popular strains used in 2021 malware attacks also includes Qbot (deployed in 13.9% of the total number of incidents), Anubis (13.4%), Trickbot (11.6%), and Neurevt (4.8%).

An interesting trend emerging from Kaspersky’s stats is the number of infections, which has dropped from 20 million in the past two years to just 10 million this year.

This decline is in line with the shift of the threat actors’ attention to electronic payments. Most of these trojan families have a narrow targeting scope limited to specific financial institutes or platforms, so they require more effort to target a larger array of potential victims.

Malware deployed now is more specialized for e-commerce platforms, looking to steal e-shop account credentials, bank card numbers, CVVs, expiration dates, and phone numbers.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Volume of malware drops
Volume of malware drops
Source: Kaspersky

Ending up on malicious sites

There are two categories of fake sites that can lead to problems for victims. The first one is phishing sites that steal credentials and the second one is scam sites that steal money.

In the first case, the lures typically come in the form of emails allegedly sent by high-profile online shops or popular e-commerce platforms, directing recipients to a fake login page.

Fake German eBay site
Fake German eBay site
Source: Kaspersky

The second case involves sites that have cloned real shops by copying their CSS and all content or just fake markets that receive payments without sending anything to the buyer.

In some cases, these platforms do send an empty envelope to the victims, only for providing a valid tracking number and delay reports that would allow hosting providers or authorities to take them down faster.

This also reduces the chances of PayPal payment disputes blocking the funds from ending in the scammers’ accounts and allowing victims to recover their money.

Cloned site offering goods that will never be shipped.
Cloned site offering goods that will never be shipped.
Source: Kaspersky

How to stay safe while shopping online

Remember, you will see many product discounts and sales promotions during the holidays. However, the chances of some of them being scams are higher than usual.

To protect yourself and your banking account, you should use an internet security solution from a trusty vendor and always double-check that you’re on a legitimate site before entering your payment info.

If you stumble upon an offer that seems too good to be true, it’s probably a scam even in the context of Black Friday.

Finally, if you can use e-payments instead of credit cards, it would be preferable due to the less severe repercussions in the case of a data breach.

There are also one-time virtual cards with charging limits, so if you want to play it safe while shopping from less-known shops, there are ways to do it.

If you have to pay with your bank account or card, verify that the right amount has been charged and monitor all future transactions closely.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us