Skip to main content

Kaspersky reports nearly 25% surge in retail-focused cyberthreats ahead of Black Friday

20 November 2024

In 2024, cybercriminals launched over 38 million phishing attacks, impersonating major marketplaces, banks, and tech retailers. Stolen payment card data is actively traded on dark web forums, with prices ranging from $70 to $315 per set.

Kaspersky closely monitors the evolving landscape of shopping-related cyber threats. As shoppers prepare for major sales events like Black Friday in search of the best deals, the company’s researchers observe cybercriminals and fraudsters gearing up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures.

Between January and November 2024, Kaspersky solutions blocked 38,473,274 phishing attacks related to online shopping, payment systems, and banking institutions. Of these, 44% involved using banking services as bait — representing an increase of almost a quarter compared to the 30,803,840 million phishing attempts recorded during the same period last year. 

Scammers frequently impersonate major retailers like Amazon, Walmart, and Etsy, sending deceptive emails claiming to offer exclusive discounts. These emails link to fake websites designed to mimic legitimate ones, often with subtle errors like misspellings or slightly altered domain names. Victims attempting to shop on these sites typically lose money. 

Another widespread scam exploits consumers' desire to win prizes. Fraudsters send messages promoting limited-time surveys with prize draws, offering valuable rewards like a free iPhone 14. To create urgency, they claim only a few “chosen” users can access the deal, pressuring recipients to act quickly. Scammers offer a “reward” for sharing some “basic info," such as an email address, and spending some money on a fake site.

Kaspersky experts have traced the pathways of fraudulent activity, revealing that stolen data is either exploited directly by scammers or sold on dark web marketplaces. The value of the data determines its price. For instance, comprehensive sets of stolen credit card details, known as "fullz," typically include the card number, expiration date, CVV code, cardholder’s name, billing address, and phone number.

An example of a dark web ad selling user shopping data. Retrieved with Kaspersky Digital Footprint Intelligence

An example of a dark web ad selling user shopping data. Retrieved with Kaspersky Digital Footprint Intelligence

"This year, dark web markets mirror the pricing strategies and marketing tactics of legitimate online retailers. Some even offer Black Friday-style promotions, such as discounts and bundled deals, similar to seasonal sales found on mainstream websites," comments Marc Rivero, lead security researcher at Kaspersky's Global Research and Analysis Team.

Within this campaign, a seller was offering a 10% discount on stolen credit card details from countries like Canada, Australia, Italy, and Spain – with pricing between $70 and $315 for a card depending on the card's quality and the region it was from.

Black Friday sales on the dark web. Retrieved with Kaspersky Digital Footprint Intelligence Black Friday sales on the dark web. Retrieved with Kaspersky Digital Footprint Intelligence

To enjoy the best that Black Friday has to offer this year, be sure to follow a few safety recommendations:

  • Do not trust any links or attachments received by mail; double-check the sender before opening anything.    
  • Double-check e-shop websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?
  • Protect all the devices you use for online shopping with a reliable security solution. Kaspersky Premium is protecting its’ users from various range of shopping scams.
  • Set up payment notifications and regularly check financial statements. Contact your bank or credit card company if you have any concerns about operations.
  • Set up automatic payment notifications and regularly review your financial statements. If you notice any unusual activity on your account, contact your bank or credit card company.

To learn more about the shopping threat landscape in 2024, visit Securelist.com.

Kaspersky reports nearly 25% surge in retail-focused cyberthreats ahead of Black Friday

In 2024, cybercriminals launched over 38 million phishing attacks, impersonating major marketplaces, banks, and tech retailers. Stolen payment card data is actively traded on dark web forums, with prices ranging from $70 to $315 per set.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases