Summer Discounts and Back-to-School Season: A Boon for Cybercriminals
The summer discounts and back-to-school season not only boost the economy but also serve as a favorite period for cybercriminals, with an increase in phishing campaigns impersonating online stores to steal personal data and bank cards.
According to Kaspersky, over 1,000 malicious domains have been registered in Latin America, primarily of Chinese origin, that mimic online stores selling clothing, footwear, accessories, sports items, supermarkets, and department stores.
The most affected countries are Mexico, Chile, and Brazil; however, the risk is higher in the Mexican market since only 43% of the population knows what phishing is, according to cybersecurity firm figures.
Irresistible Offers Leading to Fraud
Cybercriminals take advantage of the trust in well-known brands and post attractive discount ads on Facebook and Instagram. When users click “buy,” they are directed to fraudulent sites that imitate the design and visual identity of official stores.
To establish credibility, these portals register domains that are nearly identical, with minor variations like doubling letters, substituting them with numbers, or adding dashes to deceive users and redirect them to a fake page.
“Once inside, victims find a nearly exact copy of the real site, with design, logos, and product categories that appear legitimate, all meticulously crafted to steal information,” the company explains.
These fake sites also display false security seals or “guarantee” labels and allow payments via credit and debit cards, requesting personal information such as name, address, phone number, and email. This data does not reach a bank but falls directly into the hands of scammers.
They also enable offline payments, like making deposits at convenience stores; in these cases, users receive a payment reference, and upon making the deposit, the money is directly transferred to criminals without any chance of recovery.
With the data, delinquents can clone cards, make unauthorized charges, or sell the information on the dark web. This issue is exacerbated as 46% of Mexicans share personal information while online shopping, making them more vulnerable, according to Kaspersky.
“These campaigns exploit the popularity of brands, the trust users place in them, and the allure of seasonal offers to deceive on a massive scale. Part of the problem is that some Latin Americans still don’t know how to verify if a website is genuine, making them particularly vulnerable. The good news is that as cybercriminals refine their methods, effective strategies to counter them also exist,” said María Isabel Manjarrez, a security researcher on Kaspersky’s global Research and Analysis team for Latin America.
A Challenge for Entrepreneurs and Consumers
The rapid growth of e-commerce in Mexico also implies that both small businesses and customers must strengthen their digital security culture. Despite being the primary ally of cybercriminals, ignorance can be reduced through education, prevention, and technology.
For entrepreneurs, the challenge extends beyond safeguarding their transactions; it also involves generating customer trust since each fraudulent incident in the digital environment damages e-commerce credibility. This compels small businesses to invest in security certificates, reliable payment platforms, and clear communication campaigns to differentiate themselves from fraudulent sites and ensure customers feel safe when shopping with them.
How to Protect Yourself from Phishing
Kaspersky advises staying vigilant towards “irresistible offers” on social media and always verifying the authenticity of websites. Warning signs like spelling errors, strange domains, or non-functioning sections can indicate fraud.
They also recommend checking if the website has a secure connection (https:// and a lock icon in the address bar), using digital or temporary cards for online purchases, and having cybersecurity solutions that alert about malicious sites.
If you’ve shared data on a fake site, the immediate recommendation is to block your card, cease communication with scammers, and report the incident to authorities.
Key Questions and Answers
- What is phishing? Phishing is a cybercrime that tricks users into providing sensitive data, like banking information, through deceptive emails, messages, or websites.
- Why are summer discounts and back-to-school season popular for cybercriminals? These periods see increased online shopping, allowing scammers to impersonate legitimate stores and steal personal data.
- How do fake online stores operate? They create nearly identical websites to real stores, use false security seals, and request personal information for offline payments.
- What can consumers do to protect themselves? Stay vigilant, verify website authenticity, look for secure connections, and use cybersecurity solutions.
- What should businesses do to protect customers? Invest in security certificates, reliable payment platforms, and clear communication strategies to build trust.
