With Cyber Monday fast approaching, bad actors are fine-tuning their tactics to take advantage of merchants and consumers across the globe.
90% off, buy one get five free, last-minute trip to Madagascar for $200… When a deal is too good to be true it normally is. This is how cybercrminals are luring consumers these days into providing their credentials, payment details and, the best of cases, into buying counterfeit goods.
As consumers spend more time and money shopping online, these criminals are looking to leverage any advantage they can find within existing online shopping systems. This year, the incidents of corrupt websites hosting banking trojans, downloaders, and credential stealers are skyrocketing, making up for 94% of malicious payloads in the third quarter of this year according to a recent report from Proofpoint.
Clickers Instead of Downloaders
Instead of the classic innocent-looking attachment that contains Sodom and Gomorrah in a few megabytes, cybercrminals are now switching to URLs to bring victims to their landmine. This trend, reported by Proofpoint researchers, shows that bad actors are eschewing their long tradition of attaching malicious files in the hopes that a user will open them. In the third quarter of the year, fake URLs outnumbered attachments by over 370%.
Research from NuData Security also supports these findings and has discovered fake antivirus programs and bogus browser plugins to be most popular, doubling their frequency in the second quarter of 2018.
Bad actors are favoring these links because they snag consumers without raising the traditional alerts an attachment can cause – now that consumers are more aware of these types of phishing techniques. In this environment, businesses and consumers alike should take every precaution when sifting through promotional emails this holiday, as criminals will attempt to disguise phishing scams as genuine offers. Inserting data in the wrong place can unlock a stream of fraud into the victim’s card or account.
But phishing is not only a threat for consumers, it also harms merchants who suffer from brand damage, customer distrust, and customer churn – where consumers move their business to a competitor they believe is more trustworthy. Phishing attacks emulate a trusted brand in potentially negative ways, so even if the victim doesn’t click any links in a phishing email, they are still exposed to fake communications that can change the user’s perception of the business impersonated.
However, on the bright side, social media platforms have gotten much better at identifying phishing attempts within their platforms, boasting a 90% improvement in effectiveness over 2017.
Mobile: A Greater Target
As mobile shopping adoption continues its upward trend, we’ll see more mobile purchases today than on a desktop device, and we’ll see more cyber attacks against users of mobile devices as they become a popular target for cybercriminals. Researchers at NuData Security have a found that high-risk mobile purchases were trending up 25.3% of total mobile purchases in the third quarter of 2018.
One of the stumbling blocks to consumer security on mobile devices is that mobile operating systems and browsers lack consistent and clear trust indicators, so the user may not recognize that a link they have followed has taken them to a malicious website set up to look exactly like the real store, instead of the legitimate site they intended to visit.
There’s More to Users Than Their Username
Merchants strive to provide an enjoyable shopping experience for their customers, especially during the hustle of the holidays – where they are more likely to switch to a competitor if getting a last-minute gift creates additional friction or inconvenience. Several new approaches are giving online companies the edge in protecting their customers, while locking out cybercriminals who blend in with the online crowd to do some pick-pocketing the digital way.
To build lasting relationships, businesses need to recognize customers the same way as they would in a real store – without asking them for their name – and identify their customers without relying solely on credentials such passwords, usernames, and other information that can be easily faked or stolen.
Many businesses are implementing a multi-layered security approach that includes passive biometrics and behavioral analytics which identifies online customers by their behavior. Such identifiers as how a person holds their device, how hard they type, how fast that move from webpage to webpage are all part of the online mix to authenticate consumers.
These key identifiers along with hundreds of other ones, are used to identify the person behind the device. So even if a phone, computer, iPad or other device is stolen, cybercriminals would be blocked as they try to make fraudulent transactions. At the same time, these cutting-edge technologies allow merchants to provide a memorable holiday shopping experience for true customers while offering them surprise rewards as well.
Related to this blog Users sharing one password? NuData has a new solution