Online stores (15.77%) most likely to be used by phishers as bait – demonstrating the need for safer online shopping

However, recent research from Kaspersky has revealed that despite the top 10 organisations used by phishers as bait remained practically unchanged in Q1 relative to 2020, online stores (15.77%) lead the way, followed by global internet portals (15.50%) and banks (10.04%).

Last year’s events affected the distribution of phishing attacks across the categories of targeted organisations. The three largest categories had remained unchanged for several years: banks, payment systems and global Internet portals. The year 2020 brought change. Online stores became the largest category with 18.12%, which may be linked to a growth in online orders due to pandemic-related restrictions.

In Q1 2021, Kaspersky experts found that the Anti-Phishing system prevented 79,608,185 attempted redirects to fraudulent websites. It has also been reported that 5.87% of Kaspersky users encountered phishing, and 695,167 new masks were added to the anti-phishing databases.

Over the past few years, the number of online stores and marketplaces has increased, and if earlier scammers mainly faked the websites of well-known companies, over time they began to use small and medium-sized businesses as a lure. Furthermore, fraud has become more diverse. Now besides well-known phishing schemes, Kaspersky researchers explain that there are also campaigns referred to as ‘brushing scams’.

David Emm Principal Security Researcher at Kaspersky, comments “The purpose is for the perpetrator – a seller on Amazon, for example, to boost their ratings by creating ‘fake’ reviews of their products. The seller then sets up a series of fake accounts. They also create a list of names, addresses and phone numbers of real people – these could be from a leak of data resulting from a hacked provider, from the electoral roll, from the phone directory, etc. The seller orders (their own) goods from the fake accounts they have set up and then ships the goods to people from their address list. Finally, they write product reviews from their fake accounts (i.e. the accounts used to pay for the goods) in an effort to boost their ratings.

“The person receiving the goods isn’t a victim of cybercrime – they’re simply being used as a cover for a marketing fraud. Nevertheless, I would recommend that anyone receiving unsolicited goods should report it to Amazon (or other seller); and – since it might not be clear at the outset if their account has been compromised – change their password and set up two factor authentication if they haven’t already enabled it.”

Shop online with confidence on Amazon Prime Day by following our useful online shopping tips:

• Remember that Amazon will never ask you for your account login information by e-mail or text message;
• If you suspect a notification e-mail is fake, but you’re still worried, log in to your account directly (not by clicking the link in the e-mail!) and check for warnings or notifications;
• Pay attention to grammar. If the language looks perfect, the e-mail isn’t necessarily legit, but if you see errors, then you’re almost certainly looking at spam;
• If you’ve entered your details where you shouldn’t, or if you suspect you’ve been hacked, immediately contact Amazon support;
• Never send a product before you see the payment directly in your personal account, not simply a promise that it’s coming;
• Conduct all communication and monetary transactions within Amazon, the best assurance of successfully resolving any issues that may arise;
• Remember that phishing messages can come not only by e-mail, but also in texts (a method of fraud called smishing), and by voice over the phone (that would be vishing);
• Install on all of your devices reliable protection that will warn you about online scams and phishing, prevent your financial details from being intercepted, and save you from a whole bunch of other online troubles.