Singles’ Day is coming: Phishing attempts grow amid the large e-commerce sale day
November 2020 by Kaspersky
Kaspersky researchers have observed fraudulent activities around e-commerce during an active sales period – Singles’ Day (11th November ). Originally a sale in China, Singles’ Day is now relevant to everyone around the world who turns to e-commerce for shopping, with some of the best deals promoted weeks before the actual holiday. Due to the popularity of online shopping platforms and this sale, scammers are targeting users everywhere with topical phishing scams and spam, which enables them to steal victims’ personal credentials in order to access their accounts – from email passwords to banking apps.
Promotions for the actual sale start off a few weeks before 11th November and so do scammers. In order to get a picture of how phishing dynamics look like ahead of the holiday, the researchers looked back into what happened in 2019. Analysis of financial phishing detections in late October and early November in 2019, a few weeks before the Single’s Day, shows that the number of phishing attempts grew significantly as the holiday was nearing, peaking at 1,387 detections in the UK on 9th November, only a few days ahead of the day.
Financial phishing attacks in the weeks preceding Singles day in 2019
Phishing page sample in 2020 mimicking the Alibaba platform
“Autumn is the time when we start getting bombarded with sale offers – people are preparing for the holiday season well in advance and stores respond accordingly. Getting a good deal is always pleasant and in the turbulent times like this year, good sale offers are likely to be received by consumers even better. In the hype of this sale spree it is important to stay alert as scammers are always happy to take advantage of unwitting users and phish out their personal details, including financial information,” comments Tatyana Sidorina, security researcher at Kaspersky.
To make sure your 11th November shopping spree is not spoilt by spam and phishing, follow these recommendations:
• If you receive a link to a great offer via email, check the embedded hyperlink – sometimes it may differ from the one that is visible. If it does, access the deal page directly through the legitimate website
• Only make purchases through official marketplaces and pay attention to the web addresses if you are redirected to them from other landing pages. If they differ from the official retailer, consider checking the offer you were redirected to by looking for it on the official web page
• Use a security solution with behaviour-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will notify you if you are trying to visit a phishing web page
• Never use the same password for several websites or services, because if one is stolen, all your accounts will become vulnerable. To create strong hack-proof passwords without having to face the struggle of remembering them, use password managers, such as Kaspersky Password Manager