Cybercriminals launched over 38 million phishing attacks globally in 2024, targeting online shoppers, banking service users, and tech retailers, according to Kaspersky.Â
These attacks, marked by deceptive emails and fake websites, aimed to steal personal data, payment details, and funds while trading stolen information on dark web marketplaces.
Phishing scams often involve fraudsters impersonating major retailers or financial institutions. Fake emails promising exclusive discounts or prize-winning opportunities redirect victims to counterfeit websites designed to mimic legitimate ones. These sites dupe users into entering sensitive information, resulting in financial loss or unauthorized use of stolen data.
Kaspersky reported that its systems blocked 38,473,274 shopping-related phishing attacks between January and November 2024, reflecting a 25% increase compared to the same period last year. Banking service users were the primary targets, accounting for 44.41% of these attacks.
Stolen data, including full credit card details such as card numbers, CVV codes, and billing addresses, are frequently sold on dark web platforms. Kaspersky experts noted that some dark web marketplaces are adopting sales tactics similar to legitimate e-commerce platforms, offering discounts and bundle deals to attract buyers for stolen data.
To stay safe during the sales season, experts advise consumers to verify email senders before clicking links, scrutinize URLs for errors, and avoid entering personal information on suspicious websites. Installing reliable cybersecurity solutions on devices, enabling payment notifications, and monitoring financial statements regularly can help detect fraudulent activity. Shoppers noticing suspicious transactions should immediately contact their banks or credit card providers.
As global sales events peak in November and December, cybercriminals are poised to exploit the increased demand, prompting experts to warn consumers to remain vigilant against evolving cyber threats.
