In 2022, Kaspersky Lab experts detected numerous phishing pages mimicking the global Buy Now, Pay Later services.

BNPL is a system of paying for purchases in equal installments over a short period of time without an agreement with a bank. Such offers have become popular relatively recently and may be in special demand during sales periods. Phishing on BNPL services existed before as well, but scammers have begun to actively exploit it recently.

Kaspersky Lab Armenia representation says, in total this year the company recorded about 14 million phishing and scam resources on various topics around the world.

The scammers create a page imitating the official website of the BNPL service and trick the victim into entering a bank card number and CVV into a fake form. After a person submits his/her data on the page, the information, along with the money, becomes available to the scammers. Links to such phishing resources are disseminated via email. For example, experts have seen emails asking to update payment details, in which a person was redirected to a fake service page to pay for purchases in installments.

“The season of discounts is an active time not only for sellers and buyers, but also for scammers. On ordinary days, a too low price for a product can alert you, but during sales and Black Friday, it is not so obvious. At this time, people are less vigilant, and scammers take advantage of this. In addition, they follow various trends. For example, they did not ignore the popular BNPL services, which proves once again that phishing has not lost its relevance,” Olga Svistunova, content analyst at Kaspersky Lab, said.

To make online purchases safely, the company’s experts recommend following cybersecurity rules:

- be critical of extremely generous or overly frightening messages on the net and in the mail, especially when asked to do something quickly, without giving time to think, and frighten with negative consequences;

- avoid downloading attachments or follow the links from doubtful emails from unknown senders

- before entering data, including payment data, on any resource, make sure that its URL is free of unnecessary or incorrect letters, and that the site itself has no spelling errors, and all sections and buttons work;

- use a reliable security solution on all devices, which will not let you follow a phishing or scam resource;

- when making a purchase from an unknown company, check the domain in WHOIS-services (if it is very new and is registered on an individual, you should not buy anything there), and read reviews before making a decision;

- get a separate bank card (e.g., a virtual one) for online purchases, and keep a certain amount on it needed for payments.

The partner of Fintech section is