Shopping online? Make sure cybersecurity clicks

Consumers that are planning to shop for themselves and their loved ones during this holiday season should educate themselves on the various ways that scammers are looking to take advantage of their shopping habits, experts have said.

Werno Gevers, cybersecurity specialist at Mimecast, explained that the retail sector continues to be an attractive target for cybercriminals due to the strong financial motivation, increased e-commerce activity in light of the pandemic, and the potential to steal data or credentials.

Online shopping, he said, has steadily grown in recent years, but 2020 saw a significant increase due to the Covid-19 pandemic, as more people are staying home, spending time online, and avoiding venturing to physical stores if they can avoid it. Cybercriminals know this and are therefore likely to be out in full force this holiday shopping season.

Mimecast’s Threat Intelligence Centre found that, between January and October this year, Mimecast had detected and blocked more than one billion malicious threats, a more than 34 per cent increase over 2019. Cyberattacks in October were up 22 per cent over September, with retail and wholesale being the most targeted industry sector.

Similarly, Satnam Narang, principal research engineer at Tenable, said that while the impact of the pandemic and the low prices draw shoppers online, cybercriminals will be “chomping at the bit in anticipation of the boom.”

“The use of homoglyphs or ‘lookalike’ pages to fool consumers into submitting details remains a problem for consumers as these clever tactics are being used by cybercriminals to trick unsuspecting shoppers,” he said. “While legitimate sellers are present on social media sites, such as TikTok and Facebook, the sheer number of scams I’ve observed compels me to advise users to be cautious.”

Shoppers must be especially wary of “free” offers that come with a price, he added. These scams offer everything from free diet pills and performance enhancers to video games, headsets, and gift cards. “They use fake celebrity endorsements and fake news articles to dupe unsuspecting shoppers into providing credit card details in exchange for free goods, subjecting you to recurring subscription fees or other types of non-refundable charges.”

Another popular shopping scam that will rear its ugly head this holiday season involves dropshipping schemes. Dropshipped goods often include electronics, hardware, kitchen tools, clothing and accessories.

“The problem isn’t with dropshipping itself — the issue is that scammers are leveraging dropshipping to take advantage of unsuspecting consumers. These scammers promote heavily-discounted goods on social platforms; you could receive counterfeit goods, inferior quality items to that of the image or description shown, or the wrong product entirely. That’s assuming you receive anything at all,” Narang said.

“Before making any purchase through social platforms, first try to verify the source, for example check to see if the item is available directly from [third-party sites] at a deeper discount, read reviews to gauge customer sentiment, and when in doubt, shop from a reputable source.”

Both Narang and Gevers stressed that it is imperative that retailers take cyberthreats seriously to ensure that they are not undermined at this most critical time of the year.

“We are likely to see continued high levels of cyberattacks aimed at retail throughout the November and December shopping periods. Retailers need to take steps to ensure that their brands are not being hijacked online and used to launch cyberattacks on shoppers. By taking ownership, retail brands can prevent criminals from turning popular shopping festivals into a phishing frenzy. The damage to a company’s reputation following a successful online brand exploit can take a long time to repair, so it’s in the best interest of the organisation and its customers to take preventative measures,” Gevers said.

As part of its regular security research, Mimecast monitored 20 top global retail brands beginning on October 26, and found almost 14,000 recently registered, suspicious domains related to those retail brands. And new registrations continued during the observation period; on some days, Mimecast saw between 53 and 87 suspicious domains registered in one day for a single retailer.

— rohma@khaleejtimes.com