Skip to main content

Banking Trojans are widely used tools in the arsenal of cybercriminals profiting from the sales season. Once the user browses in an online store, the Trojan saves all the data the user enters into the website’s forms. This means cybercriminals get access to a credit or debit card number, expiration date and CVV, and the victim’s site login credentials. Having obtained this information, the attackers may use it to empty the user’s bank account, use their card details for purchases or sell the data in the Dark web stores.

After a rapid drop in the number of attacks with banking Trojans in 2021, cybercriminals returned to this type of threat with renewed strength. In 2022, the number of attacks doubled compared to the same time period in 2021. From January to November, Kaspersky products detected and prevented almost 20 million attacks, meaning that the overall growth in the number of detections is 92%.


Overall number of attacks by banking Trojans, 2020-2022 (January - October)

The sales season inevitably attracts the attention of shoppers and retailers. However, it is also a favorite time for cybercriminals, who do not hesitate to cash in on online customers. Cybercriminals create juicy offers that are fake and expire quickly, so the user must hurry to get the goods for free or at the lowest price. This is where cybercriminals catch customers, who are hungry for freebies and don't look carefully at the site they are entering their data into: the phishing or the original one.

In 2022, Kaspersky experts also found numerous examples of phishing pages for the first time abusing BNPL services. These tools allow customers to split the cost of the purchase into several interest-free installments. Therefore, these services appeal to consumers, especially youngsters, and have proven to be particularly popular during shopping periods such as Black Friday.

An example of this scam is the misuse of a popular service named Afterpay (Clearpay in the U.K. and Italy), with 20 million active users across the world. Perpetrators set up a page mimicking the official website, tricking unsuspecting victims into entering their credit card numbers and CVVs into a fake form. After the user has entered their details, cybercriminals will try to steal as much money as possible from this card, emptying the victim's wallet.


The phishing page mimicking Afterpay is aimed at gaining access to a potential victim's account.

“The shopping event of the year - Black Friday - is a hot time not only for sellers and their buyers, but also for scammers who want to steal as much money as possible from hurried customers. The new scheme exploiting Buy Now Pay Later (BNPL) services only proves that cybercriminals do not stop in their desire to attack victims and come up with new methods to do so. On ordinary days the customer can easily understand: if the product is too cheap, it's most likely a scam, but during the Black Friday sales period this fact isn’t so clear. Shoppers become less vigilant and are therefore an easy target for cybercriminals. That's why it's so important to pay attention to which site you buy from, be careful with unfamiliar companies and use a reliable security solution,” comments Olga Svistunova, security expert at Kaspersky.

To learn more about Black Friday tricks and scams, read the full report on Securelist.

To enjoy the best that Black Friday has to offer this year, be sure to follow a few safety recommendations:

●      Protect all the devices you use for online shopping with a reliable security solution. Do not trust any links or attachments received by mail; double-check the sender before opening anything.    

●      Double-check e-shop websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?

●      In order to protect your data and finance, it is best practice to make sure the checkout page is secure, and that there is a locked padlock icon beside the URL.

●      If you want to buy something from an unknown company, check reviews before making any decision.

●      Despite taking as many precautions as possible, you probably won’t know something is amiss until you see your bank or credit card statement. So, if you’re still getting paper statements, don’t wait until they hit your mailbox. Log in online to see if all of the charges look legitimate – if not, contact your bank or credit card company immediately to fix the situation.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at

Black Friday report: banking credentials theft doubled in 2022

Kaspersky researchers reported the number of attacks via Banking Trojans stealing payment data, doubled in 2022 compared with 2021, reaching almost 20 million attacks. This year, in addition to this active campaign of banking credentials theft, cybercriminals did not stand still and developed new scam schemes. On Black Friday in particular, fraudsters used a new type of phishing scheme for the first time exploiting Buy Now Pay Later (BNPL) services. These are some of the findings from Kaspersky’s ‘How customers got scammed amid the Black Friday season in 2022’ report aimed at educating users on staying safe during the sales season.
Kaspersky Logo