However, recent research from Kaspersky has revealed that despite the top 10 organisations used by phishers as bait remained practically unchanged in Q1 relative to 2020, online stores (15.77%) lead the way, followed by global internet portals (15.50%) and banks (10.04%).
Last year’s events affected the distribution of phishing attacks across the categories of targeted organisations. The three largest categories had remained unchanged for several years: banks, payment systems and global Internet portals. The year 2020 brought change. Online stores became the largest category with 18.12%, which may be linked to a growth in online orders due to pandemic-related restrictions.
In Q1 2021, Kaspersky experts found that the Anti-Phishing system prevented 79,608,185 attempted redirects to fraudulent websites. It has also been reported that 5.87% of Kaspersky users encountered phishing, and 695,167 new masks were added to the anti-phishing databases.
Over the past few years, the number of online stores and marketplaces has increased, and if earlier scammers mainly faked the websites of well-known companies, over time they began to use small and medium-sized businesses as a lure. Furthermore, fraud has become more diverse. Now besides well-known phishing schemes, Kaspersky researchers explain that there are also campaigns referred to as ‘brushing scams’.
David Emm Principal Security Researcher at Kaspersky, comments “The purpose is for the perpetrator – a seller on Amazon, for example, to boost their ratings by creating ‘fake’ reviews of their products. The seller then sets up a series of fake accounts. They also create a list of names, addresses and phone numbers of real people – these could be from a leak of data resulting from a hacked provider, from the electoral roll, from the phone directory, etc. The seller orders (their own) goods from the fake accounts they have set up and then ships the goods to people from their address list. Finally, they write product reviews from their fake accounts (i.e. the accounts used to pay for the goods) in an effort to boost their ratings.
“The person receiving the goods isn’t a victim of cybercrime – they’re simply being used as a cover for a marketing fraud. Nevertheless, I would recommend that anyone receiving unsolicited goods should report it to Amazon (or other seller); and – since it might not be clear at the outset if their account has been compromised – change their password and set up two factor authentication if they haven’t already enabled it.”
Shop online with confidence on Amazon Prime Day by following our useful online shopping tips: