skip to main content

As Online Phishing Attacks Mushroom, E-Commerce Merchants Are Favored Lures

Digital Transactions

More than 30 million phishing attacks were launched against online stores, payment systems, and banks during the first 10 months of 2023, according to the latest report from Kaspersky Labs, a Moscow-based cybersecurity and antivirus provider operated by a holding company in the United Kingdom.

E-commerce platforms bore the brunt of those attacks as they were used as a lure to dupe consumers into making purchases from phony merchant Web sites for products they will never receive. More than 13 million such scams, or more than 43% of the total phishing attacks seen through October of this year, used e-commerce shopping platforms as their lure. Web pages mimicking shopping platforms such as Amazon, eBay, Walmart, AliExpress, and Mercado Libre), totaled 6.2 million in the first ten months of 2023.

Apple was the most popular brand used as a lure, with the tech giant’s name appearing in more than 2.8 million phishing scams through from January through October.

Kaspersky used data from its Kaspersky Security Network, which processes anonymized cyberthreat data voluntarily shared by Kaspersky users, to track the phishing trends. Data for the report were gathered from January through October of this year.

Patterns associated with the scams include consistent use of similar Web-site templates, often repetitively, and the utilization of generic and often suspicious domains, such as “.top”.

One frequently used scam is an offer to acquire an €800 gift card ($875.89) for €1.95 ($2.13). Consumers were prompted to provide their contact and payment information to take advantage of the offer.