Black Friday report: banking credentials theft doubled in 2022

Deniza Cristian 24/11/2022 | 11:18

Kaspersky researchers reported the number of attacks via Banking Trojans stealing payment data, doubled in 2022 compared with 2021, reaching almost 20 million attacks. This year, in addition to this active campaign of banking credentials theft, cybercriminals did not stand still and developed new scam schemes.


On Black Friday in particular, fraudsters used a new type of phishing scheme for the first time exploiting Buy Now Pay Later (BNPL) services. These are some of the findings from Kaspersky’s ‘How customers got scammed amid the Black Friday season in 2022’ report aimed at educating users on staying safe during the sales season.

Banking Trojans are widely used tools in the arsenal of cybercriminals profiting from the sales season. Once the user browses in an online store, the Trojan saves all the data the user enters into the website’s forms. This means cybercriminals get access to a credit or debit card number, expiration date and CVV, and the victim’s site login credentials. Having obtained this information, the attackers may use it to empty the user’s bank account, use their card details for purchases or sell the data in the Dark web stores.

After a rapid drop in the number of attacks with banking Trojans in 2021, cybercriminals returned to this type of threat with renewed strength. In 2022, the number of attacks doubled compared to the same time period in 2021. From January to November, Kaspersky products detected and prevented almost 20 million attacks, meaning that the overall growth in the number of detections is 92%.

In 2022, Kaspersky experts also found numerous examples of phishing pages for the first time abusing BNPL services. These tools allow customers to split the cost of the purchase into several interest-free installments. Therefore, these services appeal to consumers, especially youngsters, and have proven to be particularly popular during shopping periods such as Black Friday.

An example of this scam is the misuse of a popular service named Afterpay (Clearpay in the U.K. and Italy), with 20 million active users across the world. Perpetrators set up a page mimicking the official website, tricking unsuspecting victims into entering their credit card numbers and CVVs into a fake form. After the user has entered their details, cybercriminals will try to steal as much money as possible from this card, emptying the victim’s wallet.

To learn more about Black Friday tricks and scams, read the full report on Securelist.

To enjoy the best that Black Friday has to offer this year, be sure to follow a few safety recommendations:

  • Protect all the devices you use for online shopping with a reliable security solution. Do not trust any links or attachments received by mail; double-check the sender before opening anything.
  • Double-check e-shop websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?
  • In order to protect your data and finance, it is best practice to make sure the checkout page is secure, and that there is a locked padlock icon beside the URL.
  • If you want to buy something from an unknown company, check reviews before making any decision.
  • Despite taking as many precautions as possible, you probably won’t know something is amiss until you see your bank or credit card statement. So, if you’re still getting paper statements, don’t wait until they hit your mailbox. Log in online to see if all of the charges look legitimate – if not, contact your bank or credit card company immediately to fix the situation.
BR Magazine | Latest Issue

Download PDF: Business Review Magazine December (II) 2023 Issue

The December (II) 2023 issue of Business Review Magazine is now available in digital format, featuring the main cover story titled “A Visionary Leader Entrusted With Consolidating CPI's Portfolio
Deniza Cristian | 21/12/2023 | 14:13
Advertisement Advertisement
Close ×

We use cookies for keeping our website reliable and secure, personalising content and ads, providing social media features and to analyse how our website is used.

Accept & continue