With people going on a shopping spree this ‘Black Friday’ shopping week, cybersecurity experts have warned shoppers to be cautious about phishing scams such as ‘Buy Now Pay Later’ (BNPL) offers.
Cybercriminals create juicy offers that ‘expire quickly’, encouraging shoppers to rush into purchases to get the goods at the lowest price.
Cybersecurity solutions firm Kaspersky has found that hackers have used a new type of phishing scheme for the first time, exploiting BNPL services.
“The shopping event of the year - Black Friday - is a hot time not only for sellers and their buyers, but also for scammers who want to steal as much money as possible from hurried customers,” said Olga Svistunova, a security expert at Kaspersky.
“Shoppers are less vigilant during such sales and become an easy target for cybercriminals. That’s why it’s so important to pay attention to which site you buy from, to be careful with unfamiliar companies, and use a reliable security solution,” she said.
The firm found a number of phishing pages to cash in on BNPL services. They make these fake offers appealing by providing ‘interest-free EMI options’.
Stealing payment data
The Moscow-based firm said the number of attacks via banking Trojans stealing payment data doubled in 2022 compared with 2021, reaching almost 20 million attacks.
“Once the user browses in an online store, the Trojan saves all the data the user enters into the website’s forms. This means cybercriminals get access to a credit or debit card number, expiry date and CVV, and the victim’s site login credentials,” it said in a report.
Using this information, hackers can use the victims’ credit cards for purchases. They can also sell the data in the dark web.