As an increasing number of people on a global scale embrace online shopping, incidents of phishing have risen by 30 per cent during the last 18 months.
“Fraudsters are also taking advantage of the new potential consumer victims,” explains Avital Leshem, team lead of threat intelligence at Cyberint, a fully integrated attack surface monitoring and digital risk protection solution seamlessly infused with threat intelligence to holistically protect from threats beyond the perimeter. “These consumers may have less cyber-security awareness of what we call security hygiene because they haven’t been online shopping before, so they are even more susceptible to having their data stolen than average shoppers.”
Company website impersonation on a daily basis
“We probably identify hundreds of phishing websites impersonating our customer companies daily – and that’s just across our clients. More widespread campaigns against some of the bigger names in retail, like Amazon, can run to thousands every week.” She says criminals also create phishing kits, a set of automation tools that allow them to generate fake websites on a mass scale.
Leshem says the most popular form of fraud against retailers that Cyberint detects involves the impersonation of customers using details stolen via phishing websites or malware infecting victims’ computers. Phishing is where consumers are directed to a website which is a fraudulent version of a genuine site, created to steal personally identifiable information such as ID, phone numbers, passwords, and addresses. The data can then be sold by the phishers on the dark web, allowing additional threat actors access to the brand’s sites.
Increasing abuse of discount codes
Another popular form of fraud is the abuse of discount codes, which give retailers a legitimate way to incentivise shoppers through limited-time events, new-customer offers, rewards, or staff privileges. Opportunist fraudsters try to identify mechanisms where those coupons can be generated en masse and then sell those coupons online.
For example, a Cyberint customer had a discount code that gave company employees 40 per cent off their purchases. After a past employee anonymously published the code on a Reddit channel, thousands of people who saw the post bought goods online at huge discounts in just four days. Since the company didn’t have the extra validation mechanisms one might have expected, many of these purchases could not be cancelled and the brand’s revenue suffered as a result.
Taking a multi-faceted approach
While traditional platforms guard against malware and dangerous files, Cyberint proactively detects phishing and fraud, in addition to other threats against organisations from the outside with its Argos Edge™ solution. Using highly trained ex-military analysts and private sector experts, it monitors thousands of channels on the dark web, along with secure Telegram group channels and more public forums such as social media and Reddit to access real-time information and warn clients about potential threats and hacks.
Along with implementing a proactive threat intelligence platform, however, brands should also spend time educating their employees and customers about these threats. “A brand’s main concern should be educating its employees – and even customers – to have greater awareness and responsibility toward cybersecurity threats. They must be educated about the websites they are dealing with and about sharing any information on platforms that are the company’s, whose security level cannot be guaranteed,” says Leshem.
To learn more about Cyberint and how the company can help protect your business from phishing and other fraudulent activity, visit Cyberint’s website.
About the author: Reuben Braham is VP Marketing at Cyberint.