2 weeks Ago By Zak Doffman, Contributor
Do not click here. Dangerous websites primed to steal your money or your information (or both) remain a huge threat whatever device you choose to connect, but it’s much worse when it’s your cell phone, with those mobile threats now surging . Chrome, Safari and Edge dominate the U.
S. browser market, and all those users are at risk from these tricks and attacks. In a new report that has not yet received enough attention, the team at Kaspersky warns of an almost four-fold increase in mobile financial malware in 2024 versus 2023, with Android users unsurprisingly the worst affected.
But while banking and crypto malware surges, the less headline-grabbing dangers lurking in fake online stores that lure victims through competitions and discounts continue to be more a threat than they should. We saw this during last year’s holiday shopping season , and those threats show no signs of slowing down. The advice is simple — do not shop on websites that you access via links in messages or emails or forums, especially where those links are framed around competitions, giveaways, discounts or the availability of hard-to-find items.
Zimperium warns this is fast becoming a “mobile-first attack strategy,” with users more vulnerable and susceptible on phones than larger devices. And that includes the “insidious new attack vector — the pairing of social engineering with mobile devices.” According to Kaspersky, the one constant in this world is Amazon topping the charts as the most mimicked brand by ecom cybercriminals.
That was the case in 2024, and the team warns “there is every chance Amazon will retain its dubious honor into 2025.” Kaspersky also warns that while “Apple’s share of attacks dropped nearly 3%..
. Netflix scams grew slightly [and] fraudsters’ interest in Alibaba increased.” These global brands will always attract the most cyber activity given the inherent trust and likelihood that targeted consumers will already have a relationship with the company.
Top 10 online shopping brands mimicked in 2024. Kaspersky highlights a range of tactics to trick shoppers into clicking malicious links in messages, emails or online links, including “free prizes and offers” that are too good to be true. “Often scammers require ‘commissions’ to get the prize or ask user to pay for delivery.
After receiving the money, they disappear.” But there are also now variations on this theme, including. “precious gifts used by phishers to trick users into giving out their credentials.
” An example of this is Amazon gift cards which require a user “to enter a OTP code on a phishing website. Although such codes are temporary, the scammers may use them to log in to victim’s account or perform a fraudulent transaction as soon as it is entered into the fake form.” This verification tactic comes in different guises, including “fake security alerts or urgent messages claiming suspicious activity,” which lure victims to “counterfeit pages resembling platforms like eBay, where entering data (for example, credentials, payment data or documents) hands them over to scammers.
” Cybercriminals are also making more use of online marketplaces , with “fake storefronts or seller profiles.” These present too-good-to-be-true offers, often on hard-to-get items. “Shoppers drawn in by the deals unknowingly provide payment details, only to receive nothing in return.
” While popular browsers are being enhanced to filter out such threats before they turn up on your computer or phone, the best defense remains common sense. “Do not follow links in suspicious messages,” Kaspersky says, “and double-check web pages before entering your secrets, be it credentials or banking card details.” In reality, if you want to shop online, stick to stores you already use or can easily verify as legitimate.
Access these through web searches and never through links. And always remember that too-good-to-be-true offers are almost always exactly that..
