Do not let careless cyber hygiene and ruthless scammers ruin your year-end bargain hunting spree …

Ahead of Singles’ Day on 11 Nov, a 12-month analysis of cybersecurity threats targeting the retail industry, released by Imperva, shows a range of automated threats — from account takeover, credit card fraud, web scraping, API abuses and Grinch bots to distributed denial of service (DDoS) attacks — that the e-commerce industry can prepare for.

Some of the key cyber trends faced by e-commerce platforms surveyed in the past year:

    • 40% or so of traffic on retailers’ websites did not come from a human. Instead, it came from a bot. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.
    • 23.7% of all the traffic on surveyed retailers’ websites was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots — scripts that use the latest evasion techniques to mimic human behavior and avoid detection — on these retail sites had grown over the prior year (from 23.4% to 31.1%).
    • In 2021, bot-related attacks on surveyed retail sites grew 10% in October and by another 34% in November, suggesting that bot operators had increased their nefarious efforts around peak holiday shopping periods.

Tips for Singles’ Day shoppers

    1. Ensure your software and apps are updated so you have all the latest security patches.
    2. Do not shop through a public Wi-Fi connection. Instead use your secure home network, or use a VPN to secure any mobile internet connection.
    3. Make sure to shop at reputable sites via a secure HTTP link (https://web.address) showing a padlock symbol.
    4. Be careful of the apps/extensions you download onto your devices. Stick to well-known brands or applications. Be especially wary of free apps.
    5. Be sure to use a strong, different password for each shopping site’s account, and set up multi-factor authentication where possible.

E-commerce vendor reminders

    1. Ensure your organization is compliant with all data privacy regulations in your jurisdiction.
    2. Prepare for a high volume of traffic, as well as DDoS attacks.
    3. Be sure to have a bot management strategy in place to only allow legitimate customers onto your website.
    4. Encourage your customers to observe good password practices and offer multi-factor authentication in your system.
    5. Protect your existing website functionalities and make sure newly added ones are safe, too.

According to George Lee, Senior Vice President (Asia Pacific & Japan), Imperva: “The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022. This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is ever ready to mitigate attacks quickly without disrupting shoppers.”