Woburn, MA – December 6, 2022 – Kaspersky has released a survey report capturing a number of ways in which last-minute holiday shoppers tend to place themselves at a significantly higher risk of data theft than their early-season counterparts. According to the report, 40% of American consumers who do most of their shopping after December 16 are willing to shop on sketchy-looking sites if the offer is enticing enough, compared to just 29% of shoppers who are mostly done shopping by December 15. A number of similar findings are part of “The cyber risks of last-minute holiday deal-seeking” report.
Holiday shoppers face a laundry list of cyber risks this year. Kaspersky research data shows that banking Trojan attacks, which are widely used by cybercriminals to target ecommerce payment data, have already nearly doubled in 2022, compared to last year. Meanwhile, tens of millions of phishing attacks, fake online stores and other scams target online shoppers and their personal information every year. In November, Kaspersky telemetry recorded 351,800 emails containing the words “Black Friday.” Additionally, cybercriminals target online stores to steal user account databases, and if a person uses the same password for multiple sites, attackers can gain access to all of them at once.
In order to learn more about how those threats might affect specific groups of shoppers differently, Kaspersky surveyed 2,000 American adults between October 20 and 24 about their holiday shopping and online security habits.
According to the report, 12% of respondents said they tend to do most of their Christmas shopping between December 16 and December 24. Among those self-identified last-minute shoppers, the survey revealed the following:
· Last-minute shoppers were less likely to say they are careful about the information they share online (44%) than early shoppers (those who are mostly done by 12/15) (51%).
· Only 46% of last-minute shoppers avoid links in messages from people they do not know, vs. 56% of early shoppers.
· 28% of last-minute shoppers follow the recommended advice of using a different password for each online store account, compared to 33% of early shoppers.
· 39% of early shoppers check for typos in emails with special offers, compared to only 32% of last-minute shoppers.
Security risks taken by early shoppers vs. last-minute shoppers
“No one loves the holiday shopping season more than cybercriminals, given the elevated level of online transactions, and the fact that deal seekers often let their guard down and make themselves into vulnerable targets,” said Kurt Baumgartner, principal security researcher, Kaspersky. “While much attention is typically given to the Black Friday-Cyber Monday period, the threat of falling victim to scams is always there, especially for rushed shoppers. We urge people to take basic security considerations and to avoid waiting until the last minute, when the time crunch can get them into trouble.”
The survey results also revealed a number of findings related to the risks faced by all shoppers throughout the entire shopping season, as well as the rest of the year. Thirty-eight percent of all respondents said they have had credit or debit card details stolen and used fraudulently in the past. The results also indicated many consumers are not following common ecommerce security recommendations. Only 32% of all respondents said they typically use a different password for every online account and website that they use for shopping.
The survey highlighted one factor that makes this year different from Christmas past. Almost 1 in 5 (18%) respondents said inflationary pressures would make them more willing to shop on a site that strikes them as sketchy, if the offer is good enough. There was also a striking difference between age groups in this area: 55% of respondents aged 18-24 said they are willing to shop on questionable sites for a deal, compared to just 9% aged 55+.
Security experts recommend holiday shoppers to leave themselves plenty of time in order to help reduce the likelihood that they might fall victim to scams, as well as to take some basic security precautions, such as avoiding password re-use, sticking to official online stores, and checking their payment history regularly. Shoppers should be wary of phishing scams, too-good-to-be true offers, suspicious links, gift card scams and any offer involving a wire transfer. Experts encourage the use of additional security tools such as antivirus, password managers and VPNs, as well as shopping with credit cards, which generally offer higher fraud protection than debit cards, and not allowing ecommerce sites to remember their card information.
· Full survey report: “The cyber risks of last-minute holiday deal-seeking.”
· Blog Post: Rules for safe online shopping
· Securelist report: Black Friday shoppers beware: online threats so far in 2022
· Personal security tools: Kaspersky offers consumers real-time antivirus, online payment protection, device performance optimization, unlimited VPN, password protection, parental controls and more.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Sawyer Van Horn