How will cyber criminals utilise growing online sales?
PwC’s 2020 US Holiday Outlook indicates that 61% of those surveyed will do most of their shopping online, and 55% named the pandemic as their biggest concern when preparing for Christmas this year. Accenture provides similar estimates, with 75% of respondents saying they would shop for Christmas at least partially online. E-commerce vendors aim to grow their profits from the increased traffic in online stores, but this puts them in the spotlight of cyber criminals, who use similar tactics every year.
“Even though hackers perform more sophisticated attacks, general strategies and goals, although more complex, remain unchanged. They try to take advantage of increased traffic in the online stores to trigger the Denial of Service (DoS) attack and temporarily shut down the website or gain access to user account information. They may, for example, utilise bots, some of which are programmed to snatch the best deals, while the others try to break into the user’s account and obtain sensitive data,” said Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.
Last year, the Magecart group managed to implant card-skimming code on Macy’s website and leak crucial payment information, including, but not limited to, name, address and credit card number.
As customers send more inquiries and requests to vendors during the holiday season, hackers leverage the volume of emails to send phishing messages and apply other social engineering techniques. This year will be no different, as brick-and-mortar stores remain closed and most communication takes place online.
“Even if social engineering is usually targeted at consumers, hijacking vendors’ email allows hackers to distribute scam messages through reputable and trusted channels. As a result, consumers’ cash and private details can get stolen,” warned Gurinaviciute. “Remote work multiplies the risk, because employees are even more susceptible to fraudulent schemes.”
Data theft is only one side of the problem. As more people shop online, physical supply chains come under pressure not seen before. Trouble in their digital management systems can make matters worse and disrupt the shipping process. As speedy delivery and secure shopping are the key criteria for customer satisfaction, online retailers should strengthen the necessary security measures in both their internal networks and their websites.
Think about private information. 71% of consumers said they are confident their online transactions are secure during the holiday season, presumably because many of them have taken precautions against cyber threats. Live up to their expectations and ensure your website is also protected. Employees should only be able to access internal systems through two-factor authentication, and guest checkouts shouldn’t be allowed.
“Some of the hackers use so-called ‘friendly fraud’. They purchase the stuff and then require a refund after the stuff has reached their hands. More sophisticated ones make use of traditional social engineering practices and attempt to breach ecommerce websites,” added Gurinaviciute.
Be careful with third-party solutions. Many enterprises do not have enough funds and incentives to invest in their own ecommerce website. Some of them decide either to implement a third-party ecommerce widget, or to cooperate with giant marketplaces such as Amazon. The latter might indeed be an option, as third-party sellers on the platform grossed $4.8 billion worldwide in this year’s Black Friday sale.
On the other hand, collaboration with others requires some degree of system integration, which can become a gateway between both companies in the event of a cyber attack. It is thus wise to limit third-party access to any consumer’s private and payment information, a policy known as ‘least privilege’. However, third-party solutions are indispensable for handling payments, as established providers ensure trustworthy encrypted tunnels for financial operations.
Take a good look at your website. Try to evaluate your website as a regular consumer: does it look reliable? Can I trust them with my name, address and credit card details?
“There are various signs that websites can be trusted and one of the most important is the presence of a secure socket layer (SSL) certificate, which safeguards any data that flows in and out of the website. It is indicated by the ‘https’ at the beginning of the URL or a lock icon in some of the browsers. Don’t forget that the website theme and general appearance are also telling,” suggested NordVPN Teams’ expert.
She also recommends updating all of your website’s plugins, as cyber attackers try to leverage their bugs to infiltrate web pages. If you have important data on your servers, it is wise to back it up every once in a while or set up an automatic backup, preferably to offline storage.
Teach and learn. The cyber security and tech landscape changes quickly, and constant learning is necessary to keep up with the advancements. The best way to avoid a disaster caused by a cyber attack is to ensure your business has an up-to-date and functioning crisis management strategy and that all workers are instructed about the actions they should take in case of emergency.
Also, train them on risk awareness and instruct them on how to stay secure online, especially if they work remotely. The holiday season is highly profitable, and even a temporary shutdown of an eshop can result in a considerable revenue loss.