Cybercriminals masquerade as John Lewis to exploit shoppers

November 2019 by David Emm, Principal Security Researcher, Global Research Analysis Team (GReAT) chez Kaspersky Lab

In light of the news this evening that cybercriminals are trying to exploit shoppers by using a fake John Lewis voucher giveaway, the commentary from David Emm, Principal Security Researcher at Kaspersky.

“Scammers are attempting to appear legitimate by basing their scams around the John Lewis name, a trusted UK retailer. They’re hoping that unsuspecting shoppers will click on it and disclose personal details.” “Our researchers have found that there has been a 15% increase in e-commerce attacks, highlighting that shoppers are now more vulnerable than ever. Typically, we associate e-commerce attacks with phishing emails that direct shoppers to submission forms where their personal and banking details can be stolen, but it is becoming increasingly common for criminals to monitor the screens of consumers remotely through malware attached to websites and mobile applications.

“Shoppers must be on red alert, especially at this time of year. Black Friday, Cyber Monday and the seasonal shopping run-up is effectively hunting season for cybercriminals, who are always looking to steal personal details, card numbers or bank account credentials from unknowing victims.

“Consumers need to use extra caution when using their mobile device for online purchases. Shortened URLs, often used because they are phone-friendly, can hide the fact that they lead to a risky site. Shoppers should manually type in an URL themselves if they would like to browse the deals on offer at a certain retail website.”




