November 17, 2017

Holiday sale shoppers safest from phishing attacks on ‘Gray Saturday’

Woburn, MA – November 17, 2017 – Annual sales on Black Friday and Cyber Monday offer incredible savings opportunities for consumers, but according to Kaspersky Lab these are also peak days for financial phishing attacks.

Woburn, MA – November 17, 2017 – Annual sales on Black Friday and Cyber Monday offer incredible savings opportunities for consumers, but according to Kaspersky Lab these are also peak days for financial phishing attacks. Kaspersky Lab's annual review of phishing attacks during the holiday sales season found that consumers are significantly safer on ‘Gray Saturday,’ when the number of such attacks can decrease by as much as 33 percent, despite it being a top shopping day.

With U.S. consumers expected to spend an average of $967.13 during the holiday season this year, cybercriminals will be looking for ways to divert some of that money into their own wallets. Impersonating a retail brand through phishing attacks is one way that cybercriminals can effectively target consumers during the holiday shopping season. Traditionally distributed by email, phishing attacks can also lure consumers through web links, ad banners, social media and more. These attacks aim to persuade people to provide their personal financial data, such as bank account information, credit card details or account passwords, under the assumption that they are dealing with the actual, reputable brand.

The day after Black Friday, dubbed by Kaspersky Lab as ‘Gray Saturday,’ represents a rare moment of respite from cybercriminals in an increasingly busy holiday shopping season. Kaspersky Lab research found evidence of a dip in financial phishing attacks on Gray Saturday in both 2015 and 2016. In 2016, there was a decline of 33 percent in the number of attacks mimicking popular online retail and payment brands on this day (from around 770,000 to 510,000 detections), despite it being the second biggest shopping day of the holiday season.

Grey Saturday

The change in the number of phishing attacks using names of popular retail, banking and payment brands during Black Friday week in 2015 and 2016 (data from all Kaspersky Lab security components – heuristic, offline and cloud detections)

“The rise in people using online payments, banking and shopping means that financial phishing attacks are now consistently high all year round, but the holiday season makes it so much easier to hide in the noise,” said Nadezhda Demidova, lead web-content analyst, Kaspersky Lab. “At this time of year, marketing and advertising levels go through the roof, and with consumers increasingly making their transactions on mobile devices – often while out and about and in a hurry – almost everyone is more exposed and has less time to think and check. On Gray Saturday, we have seen the number of phishing attacks drop significantly. Weekends generally see lower numbers of attacks and fewer people online, but on this big shopping day that’s an extra advantage. We expect this trend from 2016 to continue in 2017, so if you plan on shopping online these holidays, choose the day wisely.”

Other key findings of the Kaspersky Lab report include:

  • Following a decline in 2015, financial phishing abusing online payment systems, banks and retailers increased again in 2016.
  • Financial phishing now accounts for half (49.77 percent) of all phishing attacks, up from 34.33 percent in 2015.
  • Mobile-first consumers are likely to be a key driver behind the rise in financial phishing, as the use of smartphones for online banking, payment and shopping has doubled in the last year according to the 2017 Kaspersky Cybersecurity Index.
  • Financial phishers are exploiting the Black Friday name in their attacks, as well as consumer awareness and concerns about online security – disguising their attack messages as security alerts, implicating that the user has been hacked or adding reassuring-sounding security messages. 

In order to stay protected while shopping online – not only during the holiday season, but also throughout the year – Kaspersky Lab offers the following advice: 

  • Do not click on any links received from unknown sources or any links that look suspicious.
  • Do not use insecure public Wi-Fi networks to make online payments, as hotspots can easily be hacked to intercept user traffic and steal confidential information.
  • Do not enter your credit card details on unfamiliar or suspicious sites, and always double-check the webpage is genuine before entering any personal information. Fake websites may look just like the real ones – make sure to look at the URL.
  • Only use sites which run with a secure connection – the address of the site should begin with HTTPS://.
  • Be cautious of sites requesting a significant amount of personal information. Ask yourself if the site really needs all of the information it is demanding.
  • Remember that banks and payment companies will never ask you to email them your credentials. When in doubt, call them.
  • Install a security solution on your device with built-in technologies designed to prevent financial fraud. For example, Safe Money technology in Kaspersky Lab’s consumer solutions creates a secure environment for financial transactions on all levels.

The Kaspersky Lab holiday season financial phishing overview is based on information gathered by the company’s heuristic anti-phishing component, which activates every time a user tries to open a phishing link that has not yet been added to Kaspersky Lab’s database. 

To learn more about the latest holiday season phishing trends and examples, please see the Beyond Black Friday Kaspersky Lab Threat Report on Securelist.


About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at


For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter


Media Contact
Meghan Rimol 


Articles related to Virus News