Phishing Attacks In 2024: Criminals Target 38m Shoppers, Bank Users

In 2024, the number of phishing attacks targeting online shoppers surged to over 38 million, with cybercriminals exploiting the holiday shopping rush and impersonating trusted brands, The News reported.

These malicious actors used a variety of tactics to steal sensitive personal information, from fraudulent discounts to bogus prize offers, all designed to trick consumers into sharing payment details on fake websites.

Phishing scams often involve scammers masquerading as well-known retailers, sending enticing emails that promise special offers or discounts. These emails direct recipients to websites designed to look nearly identical to the real thing, tricking users into entering their financial details on fraudulent platforms.

via GIPHY

Another scam that’s gaining traction targets consumers eager for free prizes. Fraudsters send messages claiming they’ve won a prize through a time-sensitive survey, often promising high-value items like iPhones.

Kaspersky’s recent findings show a sharp increase in phishing attacks related to online shopping, payment systems, and banking. Between January and November 2024, their systems blocked over 38 million phishing attempts — a staggering 25% jump from the previous year.

The majority of these attacks (44.41%) targeted individuals using online banking services. With more consumers preparing for major shopping events in November and December, cybercriminals are gearing up to take advantage of the busy season.

What’s more concerning is that stolen data is not just being used by criminals directly but is often sold on the dark web, where it can be bought and sold for various malicious purposes.

Data sets containing full credit card information — known as “fullz” in underground markets—are being sold for significant amounts, often including card numbers, CVVs, and billing addresses. Some dark web vendors are even adopting marketing tactics similar to legitimate online retailers, offering discounts and bundle deals in an attempt to lure in potential buyers.

Prioritize Ecommerce Security

Did you know that global ecommerce fraud losses are expected to reach $91 billion in 2028?

Needless to say, if you’re an online store owner, you should be well aware of the latest ecommerce security protocols, including threats and remediation tools.

Read in detail in our blog about e-commerce security tips.

Don’t Worry About Security With Cloudways Managed Ecommerce Hosting

Get the Cloudflare Enterprise addon with Cloudways ecommerce hosting for just $4.99 and secure your store against DDoS attacks & malicious traffic.

Try Free Now

Phishing Attack Tools

Phishing attack tools are typically used by security professionals to simulate phishing campaigns for testing purposes, training employees, or assessing the security posture of an organization.

Below are some of the commonly used tools for ethical phishing testing and simulated phishing campaigns:

• Gophish
• Phishsim
• Kingphisher
• Cuckoo Sandbox

How to Avoid Phishing Attacks

As the threat landscape continues to evolve, experts urge consumers to take extra precautions when shopping online:

• Avoid interacting with any links or attachments in unsolicited emails or messages.
• Always verify the sender’s details before responding to any communication.
• Double-check the website’s URL and look for signs of legitimacy, like correct spelling and professional design.
• Use comprehensive security software on all devices used for online shopping.
• Set up alerts for financial transactions and regularly review account statements. If something feels off, contact your bank or credit card provider right away.

By staying cautious and following these tips, shoppers can better protect themselves against the growing number of scams targeting online consumers. The holiday season may bring deals, but it also brings new risks, making it essential to stay one step ahead of the scammers.