Skip to main content

Black Friday security alert as hackers spoof popular brands

(Image credit: Image source: Shutterstock/deepadesigns)

Hackers are taking full advantage of the upcoming holiday season to prey on people looking to buy gifts online. This was confirmed by Kaspersky Lab, who said people looking to buy gifts online should be extra careful, especially people in Italy, Germany, the US, Russia who seem to be 'particularly at risk'.

Hackers are using well known e-commerce brands, spoofing their websites as they try to steal people's credentials and other vital information.

They are mostly using Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye. Kaspersky Lab says so far it has spotted 9.2 million attempted attacks by the end of Q3, 2018, compared to 11.2 for the whole of 2017.

Half of all the brand names that are targeted by malware are 'established high street labels', which inclodes fashion, jewelry, toys and such. Second biggest industry is electronics, followed by entertainment and gaming.

“Credential-stealing banking malware is nothing new. However, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected. If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details while you enter them on the shop’s website,“ said Yury Namestnikov, principal security researcher, Global Research and Analysis Team, Kaspersky Lab.

“After that, it is easy for a hacker to get to your money through a compromised credit card. Cybercriminals could also use the stolen accounts in money laundering schemes: buying things from a website using victims’ credentials so they look like known customers and don’t trigger any anti-fraud measures, and then selling those items on again. As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data.”

Businesses should only use reputable payment services and keep them updated, make sure they have a tailored security solution set up, pay attention to the personal information used by customers and restrict the number of attempted transactions, Kaspersky suggests.

Image source: Shutterstock/deepadesigns