How cybercriminals adjusted their scams for Black Friday 2021


Black Friday is approaching, and cybercriminals are honing their malware droppers, phishing lures, and fake sites while shoppers prepare to open their wallets.

As researchers at Kaspersky point out, scammers are already targeting people with fake tickets for the FIFA World Cup 2022.

The security firm shared a detailed report highlighting the most common threats expected to surface during this year’s Black Friday, as well as the Christmas shopping season.

Phishing for data and e-payment accounts

Kaspersky’s products alone detected over 40 million phishing attacks from January to October 2021, with Amazon, eBay, Alibaba, and Mercado Libre being the most popular lures.

As such, if you receive emails concerning promotions and discounts on large e-commerce platforms, you should treat them with extra caution.

In terms of trends, phishing actors doubled their effort to steal account credentials for e-payment systems (also known as online payment systems), with October 2021 seeing a rise of 208% compared to the month before.

While banking credentials are still targeted, phishing actors tend to favor e-payment systems more now, as those have risen in popularity by 40% during the last two years.

Phishing types in 2021
Phishing targets in 2021
Source: Kaspersky

Banking trojans fading

Kaspersky has found that cybercriminals used 11 distinct malware families against shoppers in 2021, with more than half of them being variants of Zeus banking trojan.

The list of other popular strains used in 2021 malware attacks also includes Qbot (deployed in 13.9% of the total number of incidents), Anubis (13.4%), Trickbot (11.6%), and Neurevt (4.8%).

An interesting trend emerging from Kaspersky’s stats is the number of infections, which has dropped from 20 million in the past two years to just 10 million this year.

This decline is in line with the shift of the threat actors’ attention to electronic payments. Most of these trojan families have a narrow targeting scope limited to specific financial institutes or platforms, so they require more effort to target a larger array of potential victims.

Malware deployed now is more specialized for e-commerce platforms, looking to steal e-shop account credentials, bank card…