Skip to Main Content
Avira Insight - Finding the lowest prices while shopping trumps safety; Why not do both?

Cybercriminals on the move this shopping season

Movement matters – for your physical and and online health – and for cybercriminals on the hunt. As Black Friday nears and the holiday shopping season heats up, it really makes a difference whether you do your online shopping on the go or while sitting at home

Cybercriminals have jumped early into this year-end shopping season, with their activity ramp up starting two months early in July. By September of this year, Avira phishing URL detections were up over 2.5 times year-on-year. But these threats are not evenly distributed between devices – there is a difference if you are standing or sitting while shopping.

Where’s the money?

From its humble beginnings with the sale of a single Sting album, online shopping is the name of the game. But this game itself is changing as not only are people spending more online then via traditional brick and mortar stores, they are doing this e-shopping away from home. As businesses adapt, e-shops and websites to be more mobile friendly, cyber-criminals are also changing their tactics.

It used to be a static war, with hackers targeting you at your desktop computer. Now the battlefield is as mobile as a smartphone. While legitimate e-shops can celebrate that potential customers are almost always within reach – so can the cybercriminals as they create special campaigns and scenarios to catch shoppers whether they are shopping via laptop or smartphones.

Shopping on the big screen

Cybercriminals know that a desktop shopper is most likely using a Windows driven PC. Given the size of a typical desktop or even laptop monitor, they have a large “artist’s palette” for creating phishing sites. Last year, the Avira Protection Lab charted a 61 percent increase in phishing attacks during the Black Friday period between September and December – the most active malware season of the year. This year, the seasonal movement started earlier and is faster.

Three types of phish

Phishing attacks take a variety of forms. These can be divided into three basic types:

  1. Attacks that happen when you you’re surfing online, and something odd pops up on your device. They include web pages with fake gift cards, redirectors with non-existent prizes, and a basket of poisoned advertisements.
  2. Phishing attacks via your email and social media accounts. They include those traditional phishing emails spoofing DHL and FedEx deliveries and an array of scams embedded in social media posts.
  3. Attacks that can happen when you’ve added an app to do a specific function and you get a barrage of questionable ads instead.

Shopping moves to the palm of your hand

Cybercriminals know that smartphones are no longer just for finding online bargains – they are for buying them as these handy devices provide a perfect closed commercial loop of looking, comparing, and purchasing. While this is logical, this also changes the risk environment as people store payment card information on their phones, connecting to the internet via insecure networks, and the smaller screen size makes it difficult to spot phishing sites.

Android, as the most common mobile operating system, is also the biggest target. Black Friday also brings increased exposure to malicious apps (mostly banking Trojans). From September* to December, the total number of malicious Android malware intercepted typically climbs by about 50%, with the Android/Banker specifically climbing 17.5%.

Bad stuff goes mobile

Cybercriminals can distribute a surprisingly wide selection of nasty stuff just by sending around a WhatsApp message saying “Click here to receive latest Black Friday coupons” with a link to a new coupon app. Three common schemes are with banking Trojans, Premium SMS fraud, and adware.

Banking Trojans like the new ExoBot variant have dynamic overlays to collect card data and other banking data like PIN codes. This malware typically has an “Activate device administrator?” window followed by an apparent Google Play request to add payment card details. Premium SMS Trojans are spread through malvertising campaigns. The Asos Coupons app looks innocent, but its first move is to send a premium SMS which would increase your phone bill.

Free coupon apps such as this actual Black Friday coupon app in shown below teeter on the edge between adware and a traditional ad-supported apps.

Shown here are some of user complaints about the ads.

This highly aggressive approach – demonstrated by the number, frequency, and position of the shown ads – is why Avira flags the app as ADWARE/ANDR.Airpush.W.Gen.

Safer shopping with devices both big and small

You are potentially under attack whenever online. Whether you are shopping from the comfort of your home office or comparing fit and prices in a boutique garment shop — cybercriminals have a campaign designed for you and your device. Here are five security recommendations to keep yourself safe:

  1. Click with care – In everything you do online, whether it is with a device large or small, be careful where you click or enter your private data. If a page lacks that padlock icon of a secure HTTPS page – get out of there.
  2. Don’t pass on passwords – Recycling passwords is a common – and highly insecure habit. So is storing them in plain text on your device. Make your life easier – and much more secure – with a password manager to hold your private details and financial data.
  3. Go official (carefully) – Off-market apps are a significant source of malware for both Android and Windows devices. And even with official apps from the official stores, read the reviews and look at what the new app has permission to do before completing that installation.
  4. Mind the network – Free WiFi can be great – but not for anything that needs to be private or includes your financial details. If you have to use it for shopping, get a real VPN to make it more secure.
  5. Be the decider – It’s up to you to decide between what’s an acceptable ad-supported app or irritating adware. Read the Terms & Conditions before installing every app – and notice any funky business. Just to double check, do a quick web search for any news or vulnerability announcements.
Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.