Kaspersky researchers are reporting on phishing pages dedicated to the International Women’s Day gifts purchase. The fraudsters exploit users who wish to buy presents for women on International Women’s Day. In 2021 some of them are even offering such gifts for free.
Fraudsters create phishing webpages to scam users by either pretending to be a legitimate service or simply offering non-existent goods. Such landings might often be disguised as lotteries, offering users a reward with only a few conditions.
One of them usually includes distributing a link through social media channels (making it appear even more trustworthy to future victims) and entering their credentials ranging from logins and passwords to, most often, bank card details.
This is followed by transactions taken to either ‘test if you are a real person’ and as a seemingly small incentive meant as a payment for the prize transportation/delivery.
A phishing page with an International Women’s Day scam
In 2020, Nigeria saw 1.2 million phishing attacks on users. While these attacks rely on social engineering, their success does not depend on technical advances. Therefore, they are usually among the most prevalent threat users can encounter.
“A typical phishing scam relies on two main factors: the appealing offer and the urgency of the service proposed,” says Mikhail Sytnik, a security expert at Kaspersky. “This is why holidays and commemorative days are often a fruitful time for them, especially on the actual days of the celebration, when many people are frantically looking for a gift they forgot to buy in advance. Seeing an enticing proposal that offers exactly what you need ASAP can cloud judgements. We urge everyone to be careful with the gifts and make sure nothing casts a damper over your celebrations!”
Kaspersky experts responsible for phishing attacks prevention share the following recommendations on how to avoid falling for such scams:
- If you receive a link to a great offer via email, make sure to check the embedded hyperlink – sometimes, it may differ from the visible one. If it does, access the deal page directly through the legitimate website.
- Only make purchases through official marketplaces and pay attention to the web addresses if you are redirected to them from other landing pages. If they differ from the official retailer, consider checking the offer you were redirected to by looking for it on the official web page.
- Use a security solution with behaviour-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will notify you if you are trying to visit a confirmed or suspected phishing webpage.
- Never use the same password for several websites or services because if one is stolen, all your accounts will be made vulnerable. To create strong, hack-proof passwords without having the struggle of remembering them, use password managers, such as Kaspersky Password Manager.