What do you get when you pair the country’s biggest shopping season, a hasty online shift for retailers, an exponential increase in people working from home – likely not educated in cyber hygiene? The perfect recipe for cybercriminals to take advantage of unsuspecting consumers and businesses.
Here are a few things for both e-commerce retailers and customers to consider and watch out for this shopping season.
Shift Online Opens Vulnerabilities, For Both Consumers and Businesses
Cyberattacks related to online shopping is nothing new. We are likely to see a natural rise in attacks thanks to the increase in businesses that recently made the shift ‘online’ due to strict COVID restrictions. While many of these businesses used to rely on foot traffic or in-person purchases, they have now had to pivot, changing their business models to meet customers where they are now, at home.
Thus, businesses have had to increase their website offerings and have likely partnered with larger delivery services to connect to their customers, increasing attack surfaces. Did they take the time to make sure their updated website capabilities are secure? Or did they hastily set up to (understandably) limit business and income disruption?
Similarly, on the customer side, what may have once been a safer cash or card payment at the physical store has now turned into offering credit card details online where the risk of card details being stolen is exponentially higher. Customers should be sure to confirm websites are official and secure. If prompted to create an online profile – use a stronger password and limit giving personal identifiable information. A user should only ever enter the basic information needed to activate the account or complete the purchase.7 Key Retail Security Factors You Should Worry About
Beware the Tangential Cyberattacks
For customers, in particular, we need to be thinking about the bigger picture constantly. In this case, we need to give our time and energy to exploring threats tangentially related to our supporting business. This includes partnerships with delivery services such as USPS, FedEx, and UPS.
You may have already been receiving phishing attacks via text messages – messages acting as delivery services notifying you that your package is delayed. With shopping gearing up over the next week, these attackers will likely amp up their attempts to prey on customers eagerly awaiting their shipments. Do not click on them.
Additionally, we could see similar phishing attacks come through via fake credit card companies letting you know your card has been compromised or the credit limit has been exceeded. With many of us making larger purchases, we could again fall prey to a simple trick and unknowingly find ourselves on the phone with a fake call center urging us to share sensitive data to ‘secure’ our card again. Never call back, reply on the number provided. If you suspect your credit card has been compromised, always reach out directly to your bank at their standard customer service number found on the back of your card.Vulnerability Management: Exercising Brand Risk Management
Protect Your Business, Protect Your Customers From Cyberattacks
Let’s take a quick moment to talk about what businesses can be doing to ensure they are ready for this shopping season and future online shopping seasons as COVID drags on.
All businesses should be running an attack surface assessment to understand all of their assets and the risks presented by each asset. You can’t fight what you don’t know, particularly if you rushed your business online during COVID. An automated tool can best help find and audit all assets within a company, where they reside, and if there are any blind spots to attack surfaces. From there, organizations need to ensure employees are handling company and customer data with full consideration for the security of that data.
Secondly, organizations should make sure they are up to speed on the latest industry threats, via threat intelligence reports, to understand the trends in attacks and focus on appropriate controls. An outside-looking-in perspective – through an attacker’s eyes – will enable organizations to better understand and game plan to prioritize and act on any risks unique to their business. This will not only keep the organization safe but, ultimately, its customers’ data.Intelligent SOC: Resolution Intelligence For Security
Black Friday and Cyber Monday always present a unique opportunity for cybercriminals and traditional criminals alike. While the cybercriminals are hastily preparing their phishing campaigns and account takeover techniques, the traditional criminals are watching the delivery services with a careful eye. This time of year is always rife with crime sprees, but the more prudent we can all be, both e-commerce businesses and customers, the more we can enjoy our purchases vs. regret them due to cyber-related mishaps that’ll end up costing us way more than what we saved on that new TV.
Subscribe To Our Newsletter!
The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.
Thank you for subscribing!