Cybercriminals shift tactics to target online shoppers

Financial phishing attacks in the Middle East are increasingly targeting online shoppers rather than bank customers, with more than 85 percent of such scams now linked to fake e-commerce platforms, according to a new report by cybersecurity firm Kaspersky.

The findings highlight a sharp shift in cybercriminal strategy as attackers move away from traditional banking malware and instead exploit digital shopping habits, credential theft and dark web marketplaces to access users’ financial data.

Kaspersky’s latest Financial Threat Report showed that pages mimicking online stores accounted for 48.5 per cent of global financial phishing attacks in 2025, up 10.3 percentage points from the previous year. In contrast, phishing pages impersonating banks declined to 26.1 per cent, suggesting fraudsters are increasingly targeting weaker entry points into users’ finances.

The trend is far more pronounced across the Middle East, where 85.8 per cent of financial phishing activity is now concentrated on e-commerce platforms, reflecting the region’s rapid growth in digital retail adoption.

The shift is particularly relevant for GCC markets such as the UAE, where e-commerce penetration and digital payments have expanded rapidly in recent years, supported by high smartphone usage and government-backed digital economy strategies.

Cybercriminal tactics are also evolving alongside changing user behavior. As consumers increasingly manage finances on mobile devices rather than desktop computers, mobile banking malware attacks rose by 1.5 times in 2025, even as traditional PC-based financial malware continued to decline.

Another major driver of financial fraud last year was the surge in “infostealer” malware—malicious software designed to harvest passwords, banking credentials, card details, and cryptocurrency wallet data from infected devices.

Globally, detections of infostealers increased by 59 per cent between 2024 and 2025, including a 26 per cent rise in the Middle East, underscoring the growing scale of credential-based cybercrime in the region.

According to Kaspersky Digital Footprint Intelligence, more than one million online banking accounts from the world’s 100 largest banks were compromised by infostealers in 2025, with stolen credentials circulating freely on dark web marketplaces.

The report also warned that 74 per cent of compromised payment cards identified on underground platforms last year remained valid as of March 2026, indicating that attackers can exploit stolen data long after the initial breach.

Polina Tretyak, digital footprint intelligence analyst at Kaspersky, said the dark web has become a central marketplace enabling large-scale financial fraud operations.

“The dark web has become a central hub for financial cybercrime. Stolen credentials and bank cards harvested by infostealers are aggregated, repackaged, and sold there, while phishing kits targeted at users of financial products are offered as ready-to-use services,” she said. “This creates a self-sustaining ecosystem where data theft and fraud operations reinforce each other, making attacks scalable and easy to carry out even by fraudsters with minimal experience.”

The report comes as Gulf economies accelerate digital transformation across banking, retail and government services, increasing both convenience and exposure to cyber risks.