Shopping season bonanza for cybercrime

The end-of-year shopping season is when retailers across the globe generally expect to generate over a third of their entire annual revenue. But post-pandemic online shopping habits are now set to make this year’s seasonal shopping spree into a bonanza for cybercriminals.

During the November-December timeframe last year Cyberint’s Threat Intelligence platform identified a 290-per-cent rise in stolen payment cards for sale on major dark web payment cards. Phishing activities driving consumers to fake retail sites and lookalike domains increased more than 150 per cent.

During Singapore’s pandemic circuit-breaker period, for example, it is estimated that roughly a quarter of all online buyers were new buyers and that around three-quarters of these reported that they would continue to shop online post-lockdown. Like other shoppers across the globe, Asian consumers are also most likely to click on online ads on December 26, 27 and 28, as they search for post-Christmas bargains and discounts generally offered by retailers at this time of year. But this year’s seasonal online shopping spree will cost many shoppers more than they bargained for. 

Highly-organised criminal groups now operate increasingly sophisticated online scams aimed at consumers. These include fake retail websites that are indistinguishable from legitimate shopping portals and increasingly widespread phishing scams in the form of fraudulent emails and pop-up ads. Cybercriminals are also becoming increasingly adept at penetrating retailers’ defences to install ‘infostealer’ malware designed to harvest customers’ financial details. Each month, millions of stolen credentials are traded between fraudsters and even used as a de facto currency to pay for other criminal services. 

Well-established phishing methods are also often combined with a new generation of tools created to perform “low-and-slow” attacks, which are designed to pass under the threshold of existing controls by disguising the number of sign-in attempts per IP address per minute. Skimming attacks are also used to steal payment card details from users of online retail websites. In September 2020, for example, a massive Magecart payment-card skimming attack was exposed, hitting 2800 online stores that used Magento 1, which had ceased being supported in June 2019.
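The following added example, which is not from the article or from Cyberint, shows why a per-IP, per-minute sign-in threshold misses a low-and-slow source and how counting distinct accounts over a longer window catches it. The event tuple layout, thresholds, function names and the documentation-range IP addresses are all constructed assumptions.

```python
from collections import defaultdict, deque

# Event layout (assumed): (unix_seconds, source_ip, account, success)

def per_minute_offenders(events, limit=10):
    """IPs with more than `limit` failed sign-ins in any single clock minute."""
    buckets = defaultdict(int)
    for ts, ip, _account, ok in events:
        if not ok:
            buckets[(ip, ts // 60)] += 1
    return {ip for (ip, _minute), n in buckets.items() if n > limit}

def slow_spray_offenders(events, window=3600, min_accounts=20):
    """IPs whose failures inside a sliding `window` (seconds) touch at least
    `min_accounts` distinct accounts, regardless of the per-minute rate."""
    recent = defaultdict(deque)   # ip -> deque of (ts, account) failures
    flagged = set()
    for ts, ip, account, ok in sorted(events):
        if ok:
            continue
        q = recent[ip]
        q.append((ts, account))
        while q and q[0][0] <= ts - window:   # drop failures older than the window
            q.popleft()
        if len({a for _, a in q}) >= min_accounts:
            flagged.add(ip)
    return flagged

def build_sample():
    """Constructed sign-in log with three behaviours."""
    events = []
    # Low-and-slow source: one failure every 90 s, a different account each time.
    events += [(i * 90, "203.0.113.7", f"user{i:03d}", False) for i in range(40)]
    # Noisy source: 12 failures against one account inside one minute.
    events += [(600 + i * 4, "198.51.100.9", "alice", False) for i in range(12)]
    # Ordinary customer: two mistyped passwords, then a successful sign-in.
    events += [(1200, "192.0.2.10", "bob", False),
               (1215, "192.0.2.10", "bob", False),
               (1230, "192.0.2.10", "bob", True)]
    return events

if __name__ == "__main__":
    log = build_sample()
    print("per-minute threshold flags:", per_minute_offenders(log))
    print("long-window distinct-account check flags:", slow_spray_offenders(log))
```

The long-window check is a complement to the per-minute limit, not a replacement: the noisy source is only caught by the first, the slow source only by the second.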

Traditional safeguards such as firewalls and instructing staff not to open attachments in unsolicited emails are no longer sufficient. Using a process known as Attack Surface Mapping (ASM), companies should continuously monitor all of their organisation’s potentially vulnerable entry points. These can include not only the corporate IT system but also the Internet of Things (IoT), which comprises online devices such as security cameras and building control systems.

However, even a combination of ASM and other forms of Digital Risk Protection (DRP), while essential, is no longer sufficient to stay one step ahead of the cybercriminals. This can only be achieved by proactive threat intelligence gathering capable of garnering information not only on incoming attacks in real time but also on future threats that may soon be coming down the pipeline.

This is best achieved by hiring advisers capable of deploying teams of highly experienced cyber-sleuths who constantly infiltrate criminal forums not only on the deep and dark web but also on encrypted messaging services such as Telegram. By using cleverly constructed avatars bearing fake criminal credentials, investigators can dupe cybercriminal gangs into revealing details of planned attacks and also sharing caches of credit card details and other financial credentials that may already have been stolen without the retailers’ knowledge. 

Failure to safeguard themselves and their customers against increasingly widespread and sophisticated online fraud in the run-up to this year’s mega shopping season will have long-term consequences for retailers well beyond any immediate financial loss and inconvenience. 

Shoppers who discover that a retailer has failed to protect their credit card details, or who have been scammed by fake pop-up ads and criminally cloned retail websites, are likely to blame the unfortunate retailer for failing to safeguard their customers’ interests, with a resulting revenue reduction in 2022.

About the author: Ray Koh is VP APAC at Cyberint.