The excitement of obtaining a bargain will soon be driving retail fever with holiday deals fueling online sales across the world. India’s e-commerce festive sale season 2020 recorded INR 58,000 crore ($8.3 billion) worth of gross sales for brands and sellers, up 65% from INR 35,000 crore ($5 billion) last year. In all this excitement it is easy to forget the fundamentals of online security, making consumers and retailers easier and more profitable targets for cybercriminals.
By Ali Neil, Director of International Security Solutions, Verizon Business
The Data Breach Investigations Report (2021 DBIR) recently highlighted that cybercriminals predominantly target confidential data held within retail outlets, including consumer payment details (42%), personal details (41%), and credentials (33%).
The retail industry continues to be a target for financially motivated criminals looking to cash in on the combination of payment cards and personal information which thrives in this sector. Social tactics include Pretexting and Phishing, with the former commonly resulting in fraudulent money transfers. These tactics were used in 77% of the breaches examined within the retail sector in the 2021 DBIR.
Phishing campaigns can be broken down into four distinct groups: a scam, such as an email from a relative who is trapped overseas and needs cash to get home; brand impersonation, where the email poses as a bank or a trusted brand name requiring the user to confirm a payment, or offers a special retail bargain; extortion, designed to frighten the user into complying; and finally Business Email Compromise (BEC), a highly targeted attack on a business rather than an individual. All campaigns urge users to click on links, which will navigate them to false pages, or to send confidential information.
The use of QR codes has also risen during the pandemic, especially amongst smaller retailers and hospitality venues, as an easy ordering and payment solution. However, consumers should beware as these can also direct them to suspicious URLs to make payments, send location details as well as a link to their social media profiles – all without their knowledge, in an attempt to steal personal credentials and payment information.
If a company is offering a retail bargain that is simply too good to be true – then it probably is! Don’t click on the link!
Obviously, the main advice to avoid Phishing scams is not to open the emails; however, our human nature and curiosity make this easier said than done.
Education is the best defense here. Regular employee training which highlights the tactics used by phishing campaigns and how to spot them is essential in protecting confidential data within a company as well as helping an employee in their personal e-commerce world.
In the cybersecurity world, retailers live in the unenviable position of having to consider their own data security as well as that of their many customers. In an increasingly digital age, it’s important to install as many security measures as a company can, but equally important is the general awareness of what cybercriminals are after and how they’re doing it. Having an open mind to the newest technologies is an invaluable way to always be one step ahead of would-be attackers.
Our data shows us that over the last five years 35% of the 1,354 breaches which stole payment card information resulted from compromised Point of Sale (PoS) systems, as used in brick-and-mortar retail stores, whilst 38% came from compromised web applications, such as online shopping sites.
These web attacks compromise a website’s payment application and then install code into the application that will capture customers’ payment card information as they complete their purchases. These are the everyday attacks that don’t necessarily make headlines but have the same consequences. Today’s cybercriminals look for vulnerable e-commerce applications to provide an avenue for efficient and automated attacks.
Things companies can do to decrease this threat include:
While criminals are often after payment card information, it’s not the only data variety that they consider useful. Retailers should also remember that rewards programs that leverage ‘points’ are also potential targets, as these contain valuable customer personal information.
One thing is certain: the security of data no matter where it lies – in a retail organization, on a mobile device, social media account, or on a computer – is everyone’s responsibility. Consumers have a responsibility to ensure that they are diligent and aware of who they share their data with and how they interact online. Equally, retailers have the major responsibility of not only protecting their own proprietary data and brand but also the data of their shoppers who rely on and trust these brands.
For many retail organizations, especially smaller ones, implementing widespread security measures is neither affordable nor feasible. But each security step, no matter how small, can have highly beneficial impacts when it comes to detecting and deterring cybercriminals.
About the Author
Alistair Neil is the Director of International Security Solutions at Verizon Enterprise Solutions. He has been associated with Verizon for over 18 years. In his role, Alistair works for the benefit of his clients to provide them with the confidence they need to grow and transform their businesses. He helps them understand their risk, protect their critical digital assets and intelligence, monitor their environments for threats, and be prepared to respond to incidents or breaches.
Alistair’s responsibility is the leadership of Verizon’s Security Sales organization across Europe, the Middle East, Africa, Asia, and Australia. Alistair is also the leader of the Security Solutions business in Europe, Asia, and Australia.
Alistair holds a bachelor’s degree from the University of Southampton.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
The post Prevent Cybercriminals From Making a Run for Your Money and Personal Details appeared first on CISO MAG | Cyber Security Magazine.