This post was originally posted on Tech HQ.

 

With Alibaba hauling in US$38.4 billion in sales on Singles’ Day this year, Black Friday is the next highly anticipated shopping holiday of the year.

In terms of cybercrime, it’s also one of the most high-risk times of the year, with cybercriminals seizing on the peak shopping frenzy to attack retailers and customers alike.

Amid the high volume of sales, threat actors can take advantage of the glut of retail emails to seed spear-phishing attacks, while increased transactions provide a smokescreen for the use of stolen payment information, with less risk of detection.

“Two common patterns are multiple transactions of a low-priced item — a 99-cent holiday gift, for example — in order to test if the credit cards are active and also multiple purchases of one high-value item that can easily be resold,” Ray Hillen, Managing Director of Cybersecurity at Agio, told TechHQ.
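The two patterns Hillen describes can be checked for in order data with a sliding time window. The sketch below is an added example, not code from TechHQ or Agio; the order records, the `source` grouping key, the function name and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders: (time, source, card_token, sku, unit_price).
# "source" is an assumed grouping key (account, device or IP address).
ORDERS = [
    ("2019-11-29T09:00:05", "acct-17", "tok_a", "GIFT-099", 0.99),
    ("2019-11-29T09:01:10", "acct-17", "tok_b", "GIFT-099", 0.99),
    ("2019-11-29T09:02:40", "acct-17", "tok_c", "GIFT-099", 0.99),
    ("2019-11-29T09:03:15", "acct-08", "tok_k", "GIFT-099", 0.99),
    ("2019-11-29T09:05:15", "acct-08", "tok_k", "GIFT-099", 0.99),
    ("2019-11-29T10:00:00", "acct-42", "tok_m", "CONSOLE-X", 549.00),
    ("2019-11-29T10:03:00", "acct-42", "tok_m", "CONSOLE-X", 549.00),
    ("2019-11-29T10:06:30", "acct-42", "tok_n", "CONSOLE-X", 549.00),
    ("2019-11-29T09:00:00", "acct-55", "tok_z", "CONSOLE-X", 549.00),
    ("2019-11-29T12:00:00", "acct-55", "tok_z", "CONSOLE-X", 549.00),
    ("2019-11-29T15:00:00", "acct-55", "tok_z", "CONSOLE-X", 549.00),
]

def find_bursts(orders, window=timedelta(minutes=10), low_price=1.00,
                min_cards=3, high_price=500.00, min_orders=3):
    """Return sorted (pattern, source, sku) alerts for the two patterns."""
    by_key = defaultdict(list)
    for ts, source, card, sku, price in orders:
        by_key[(source, sku)].append((datetime.fromisoformat(ts), card, price))
    alerts = set()
    for (source, sku), rows in by_key.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end, (ts, _card, price) in enumerate(rows):
            # Slide the window start forward until it spans at most `window`.
            while ts - rows[start][0] > window:
                start += 1
            burst = rows[start:end + 1]
            distinct_cards = {card for _, card, _ in burst}
            # Pattern 1: one cheap item bought with several different cards.
            if price <= low_price and len(distinct_cards) >= min_cards:
                alerts.add(("card_testing", source, sku))
            # Pattern 2: repeated orders of one high-value, resellable item.
            elif price >= high_price and len(burst) >= min_orders:
                alerts.add(("bulk_high_value", source, sku))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_bursts(ORDERS):
        print(alert)
```

During a sales peak the thresholds need tuning against normal holiday traffic, since a legitimate shopper can also buy several units of one item in a short time.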

The rise of automation only sharpens the cybercriminal’s toolset for compromising data. One of the more sophisticated approaches involves deploying an army of ‘Grinch bots’ to harvest details of customer accounts, robbing victims of their loyalty points and gift card values. Popular and limited-edition products are purchased in abundance and resold in secondary markets for a higher price.

Each year, however, retailers and customers alike must be prepared for both a return of tried-and-tested methods and changing trends. In 2019, Hillen expects an increase in fraudulent websites and typosquatting that lure customers away from legitimate sites, with the aim of mimicking the real thing and compromising payment data as it’s entered.

“Additionally, bad actors send phishing emails to call centers and customer service with malicious attachments or links labeled as an invoice or a fraudulent charge on a credit card statement, impersonating customers.”

Even though the majority of emails sent to customer service are not from trusted senders, there is immense pressure for representatives to look through them to ensure no customer complaint falls through the cracks during the seasonal spike. 

Safety measures

For the safety of company and customer data, organizations can look into anti-phishing platforms that alert them to emails containing malicious content. Experts are also calling for more sophisticated encryption on web traffic for improved security, yet this trend may pose new challenges for existing phishing detection tools.