Cyber Monday Shoppers and Retailers Beware of Scams and Attacks
December 2, 2013 marks Cyber Monday, the day when Internet
retailers expect to experience a major surge in traffic thanks to people
shopping online for the holiday season. The concept of Cyber Monday, or
Mega Monday as it’s known in Europe, was introduced back in 2005. It
takes place after the Thanksgiving holiday weekend, when people return
to the office and buy Christmas presents from their work computers,
according to retailers. Some dismissed Cyber Monday as marketing hype,
but over time the day has grown in significance
thanks to competitive deals on offer from many major retailers. In
2012, the 500 biggest retailers in the US took more than US$206.8
million on Cyber Monday while in Europe, approximately €565 million was
spent on this day. This year, experts believe that Cyber Monday sales will grow by 13.1 percent as consumers increasingly move from buying presents in bricks-and-mortar stores to shopping online.
However, given the hype surrounding Cyber Monday and the
traffic expected on ecommerce sites on this date,
attackers could take advantage of the day to target both
consumers and retailers. According to a recent study from RSA Security and the Ponemon Institute,
64 percent of retail-focused IT professionals have seen an increase in
attacks and fraud attempts during high traffic days such as Cyber
Monday. But just one-third of these IT professionals take special
precautions to ensure high availability and integrity of websites on
these days. Worse still, the estimated direct cost of a cyberattack
around the holiday season is believed to be US$8,000 a minute.
Attacks against retailers
There are several ways that attackers could target retailers and
consumers during Cyber Monday. Identity theft is one possible threat and
it has plagued many stores and customers in recent years.
The increased traffic on Cyber Monday could entice attackers to target
vulnerabilities in retailers’ infrastructure in order to plant malware
that could steal consumers’ information. Our recent research found that 53 percent of the websites scanned by Symantec contained unpatched and potentially exploitable vulnerabilities.
Another possible threat to businesses on Cyber Monday could be
distributed denial-of-service (DDoS) attacks. Many retailers have
already experienced the effects of such attacks. In 2012, among the UK
firms that were hit with DDoS attacks, 43 percent were in the retail sector.
Cyber Monday could prove to be an attractive date for attackers
targeting retailers with DDoS attacks. Attackers have been known to
undertake DDoS attacks on dates of significance, as they are aware that
their efforts will get noticed if they attack on high traffic days such
as Cyber Monday. Attackers could also use DDoS attacks to distract Web
administrators from other malicious activities that they could be
carrying out elsewhere. DDoS attacks have been occurring more frequently, as there has been a reported 54 percent increase in attacks in the second quarter of the year.
End users
Of course, retailers aren’t the only ones who should protect
themselves this Cyber Monday. Consumers should also make sure that they
shop safely online. This year, analysts expect that more consumers than
ever will be searching for deals on their mobile devices. Marketing
research firm eMarketer believes that mobile commerce will generate US$41.68 billion
of the total US$262.3 billion in ecommerce sales for the year,
representing a 68.2 percent increase in mobile commerce sales from 2012.
However, the recent 2013 Norton report
showed that while 38 percent of smartphone users experienced mobile
cybercrime in the past 12 months, almost half of mobile device owners
didn’t implement basic protections such as passwords, security software
or data backups. Even though some consumers may opt to shop on their
mobile devices rather than their computers, they could still be vulnerable
to the threat of cybercrime.
Scammers will still be relying on more well-established techniques
to target both businesses and consumers this Cyber Monday. Symantec has
found a recent spam campaign that tells the email’s recipient that they
need to prepare for Cyber Monday if they want to make money from it. The
email also includes two links claiming to offer advice on how to take
advantage of the day. These links redirect users to a spam Web page that
includes a video to trick users into thinking the page is genuine.
Figure. Spam email claiming that the message’s recipient can make money from Cyber Monday
Stay protected
Consumers and retailers should heed the following advice to stay safe this Cyber Monday.
- Web administrators should ensure that any potential infrastructure vulnerabilities are plugged before Cyber Monday in order to prevent attackers from taking advantage of these flaws. They should also monitor network traffic for any suspicious activity.
- Retailers should ensure that their employees are trained to understand the risks associated with social engineering attacks that are designed to breach their companies’ systems, which could affect consumers. Similarly, other companies should also train their staff to be aware of phishing scams around this day, in case employees decide to shop online from their work computers.
- Consumers should use the latest version of their Internet browsers to shop online and should ensure that their software, including antivirus software, is up to date. Symantec offers consumers the latest Norton solutions for both computers and mobile devices.
- Customers should only purchase goods through reputable online retailers and should check if the website that they’re shopping on is secured through Secure Sockets Layer (SSL). They can tell if the site is secured in this way if the URL begins with “https” rather than just “http”. Consumers should avoid inputting financial information on sites without this protection.
- Users should always avoid clicking on links in unsolicited emails, especially if they offer deals that seem too good to be true. They should always check legitimate retailers’ official websites to see what deals are on offer. Users should also never send sensitive financial information through email.
- Consumers should monitor their bank or credit card activity over the holiday season and report any suspicious purchases or unauthorized money transfers.