Using email phishing to get consumers to log in to fake websites looking like Amazon.com or other major retailers, the criminals then steal the username and password to log in to the account and make purchases with previously linked credit cards in the account.
These fraudulent purchases can use up available credit or get cards locked down for fraud, keeping consumers from doing the shopping they need to get done. In addition, the hassle and stress of dealing with stolen credit card information or fraudulent purchases is not something anyone needs to be dealing with during the holidays.
Retailers need to make sure they’re securing their communications and supply chain between third-party vendors and within their own infrastructure. Organisations want to enable multifactor authentication for sensitive systems to prevent unauthorised access and protect their important data, assets and accounts.
McAfee’s July Quarterly Threats Report found that attacks targeting the retail industry have steadily increased by 15 per cent in the first quarter of 2020. As a result of COVID-19 restrictions, more people will be turning to online shopping than ever which will become a desirable target by cyber criminals across the globe.
Many retailers would be thrilled just to be in business and looking forward to a big holiday season and they are probably not cyber ready. Credit card data is a form of currency for cyber criminals and retailers have a lot of it. POS (point of sale) systems are a point of attack to obtain credit card details and personal identification numbers (PINs).
In these instances, malware (malicious software) is installed on the POS which will record everything. Most malware will find its way onto a POS via email where an employee would unintentionally engage with a phishing email (malicious email) what results in the deployment of the malware.
Another form of malware to be aware of is a Denial of Service (DoS) that is designed to disrupt. What happens here is that the network is flooded with requests that the servers are unable to deal with, resulting in an application or website not functioning.
Then there’s ransomware, another form of malware, and as the name suggests, once this malicious software has been deployed, systems are shut down and a ransom is demanded. Disgruntled or casual employees looking to make extra money or cause disruption need to be considered as well. These are known as “insider threats” and are becoming increasingly popular.
It’s important to note that phishing accounts for 90 per cent of successful cyber attacks, so your employees need to be aware of the red flags to look for.
Should a retailer become the victim of a successful cyber attack, the results can be catastrophic. Loss of reputation, financial impact, brand damage, loss of trust and even having to close the doors. This is nothing to laugh at. This is serious business for the cyber criminals, and protecting your systems, customers and even vendors must be a priority.
What can retailers do to stay safe?
- Patch all software and check that your networks are safe from vulnerabilities.
- Communicate with vendors and ask them what they have in place for cyber security.
- Take their employees through new-school security awareness training to avoid falling for scams and social engineering attacks in both their personal and professional lives.
- It would be advisable for them to educate their customers on what to look out for to avoid being scammed. All online retailers should have a page on their website dedicated to communicating with their customers on any scams that have been reported.
- Using social media is also a great way to keep customers up to date with scams and can also be used as a platform to educate on staying safe online.
- Educate customers who come into your physical stores on staying safe online and shopping safely.
Jacqueline Jayne, security awareness advocate APAC at KnowBe4
