Riskified, the eCommerce fraud-prevention company, and IntSights Cyber Intelligence, a provider of enterprise cyber threat intelligence and mitigation solutions have released “The Retail and eCommerce Threat Landscape Report (October 2018).” The report highlights a rise in phishing attacks.
The report illustrates how cyber criminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels for increased revenue opportunities. In addition, the report addresses the scope and severity of the current threat and fraud landscape for retailers.
Researching the dark web
In this joint report, IntSights researched the clear and dark web to assess retail data and goods being sold illegally. New cyber scam tactics and how cybercriminals impersonate brands online to trick unknowing consumers. Riskified analysed the transaction-level results of hundreds of millions of purchases for indicators of fraud to identify trends and new tactics used by fraudsters.
According to said Eido Gal, CEO of Riskified, “As eCommerce continues its explosive growth, fraud has followed suit. This makes it very difficult for merchants to distinguish good customers from bad actors.”
Inefficient fraud prevention
Eido Gal notes, “Inefficient fraud prevention costs merchants billions in chargebacks, overhead and missed sales, so accurate decisions are a must. We partnered with IntSights to look at fraud from start to finish. From selling compromised bank information to fraudulent purchase attempt, to reselling the ill-gotten goods on the dark web.”
The report provides a clear picture of just how prevalent and sophisticated fraud is.
With that understanding, Riskified developed recommendations for the best ways to minimise the impact of fraud and keep good customers happy.
The report analysed data from Q3 2017 to Q3 2018 and found the following key trends:
- 297 percent rise in the number of false retailer websites designed to “phish” for customer credentials. In Q3 alone there was an average of 23 phishing sites per company, which is a significant increase from 2017, which averaged 5.9 phishing attacks per company
- 278 percent rise in stolen goods listed on black markets for resale
- Average of 22.1 internal login pages or development servers exposed per retail company in 2018. When accessed this gives cybercriminals a portal into the retailer’s internal network
- Fake apps and social media profiles are on the rise with a 469 percent spike in suspicious applications and a 345 percent increase in fake social media profiles (respectively) in Q4 2017
Guy Nizan, Co-founder and CEO of IntSights Cyber Intelligence says, “Retailers are increasingly focused on driving sales through a variety of online channels. Facebook, SMS messaging, Instagram, Twitter and more. All of which provide an ideal opportunity for fraudsters to lure in new victims through phishing attacks. This is the most common way to obtain stolen credit card numbers.”
He added, “As prime targets for cyber crime, retailers need to understand how their goods are being sold and bartered for on the dark web. This glimpse into criminal behaviour and activity helps inform the overall cybersecurity programme, leading to an increase in security posture.”
Ease of defrauding retailers
Defrauding retailers is a very easy task. The sheer amount of transactions means law enforcement can’t be involved in every stolen credit card identified. A rejected transaction won’t amount to a police investigation. A successful fraudulent transaction can take weeks to months to be discovered when the digital trails are already cold.
In addition to data, the report provides an in-depth look at why fraudsters are attacking merchants and how merchants can better protect themselves, including:
- Why eCommerce retail is so attractive for fraudsters: Abundance of merchants to target (many with weak security); relatively low risk and high reward.
- How the dark web is enabling fraudsters: From selling credit card data and personal information from data breaches to sharing commonly used tools and schemes
The report outlines the scope and severity of the current threat and fraud landscape for retailers. It also shares key research findings and explore the latest threats to the retail sector, such as tools, techniques and real-life examples.
What this means for any merchandisers
Ecommerce continues to grow significantly, making it extremely easy to order anything at any time, using countless devices. Technology has made it more convenient for consumers to purchase goods. This growth in online shopping is why retail and eCommerce industries are some of the most targeted sectors in the dark web. The ease in which online fraud is committed and simplicity by which consumers get goods delivered to their doorstep with little to no risk, is just too appealing to overlook.
Retail fraudsters range from the average neighbourhood whizz kid to organised crime groups. The first uses a stolen credit card to order the new Call of Duty. The second buys digital goods as a money laundering tactic. Retailers of all sizes are getting hit. From your local pizza shop to huge retail conglomerates and banks. Fraud affects every company that sells products, services, or goods online. Phishing attacks warnings are becoming common for everyone using digital services.
Phishing attacks and other forms of fraud puts a lot of strain on customer services. Hinders the ability to scale or expand internationally and can lead to unhappy customers (aka brand reputation damage). These costs can be far more damaging. Businesses need to make sure they understand the latest fraud and cyber scam tactics. They have to manage the fraud process efficiently, while working to identify fraud attempts early and respond appropriately.