Fake retail sites and deals that are too good to be true await armchair shoppers who let their guard down.
Back in the footloose and fancy-free days before the COVID-19 pandemic, shopping holidays were already rooted in a fixation on e-commerce. Since last spring, however, our offline and online lives have further blurred, and the focus on one-off shopping holidays has shifted to meet the always-on, always-home characteristics and preferences of consumers stuck in physical limbo.
Some studies show that nearly 70% of consumers have said they have increased online shopping in the last six months. Now that we are fully stocked with paper towels, many people are ready to pounce on ‘essential’ holiday must-haves like the new PlayStation 5.
This surge in e-commerce activity has opened floodgates of opportunity for cyber attackers looking to cash in on rapid change in the weeks ahead. How will this impact seasonal shopping habits, and what does it mean for cybersecurity? What risks are consumers willing to take to get that gift?
Jumping the e-shopping gun
Over the last six to eight months, retailers have been offering deep discounts and adapting to changing shopper behavior to court customers who had cautiously curtailed spending in a time of uncertainty.
Instead of waiting for Black Friday, many began dropping deals earlier this year. Shopee and Lazada were among many retailers to release their biggest discounts in October—nearly two full months before the official start of the holiday shopping season.
Consumers are gladly taking advantage of these early digital deals, jumpstarting their holiday shopping while skipping the crowds and irritating mall music. The holiday shopping season—at least in 2020—will not be limited to a few marathon days.
With shoppers spending more time online and spreading out their spending over months, what should we know about rising attacker opportunities?
Safety in the new retail reality
According to a CyberArk holiday shopping security global survey in October 2020 of 2,000 consumers in the UK, US, France and Germany, 65% of consumers admitted to saving passwords and credit cards on their devices. Sure, it is convenient to make a quick purchase, but there is a major downside. Credit card numbers saved in a browser can be enticing targets for phishing attacks.
Further, anyone who has waited weeks for toilet paper to get delivered from their big box retailer knows that many manufacturers are having a tough time keeping up with demand. Anticipating supply chain issues this season, 57% of consumers said they would be willing to shop at unfamiliar online stores in order to score the perfect holiday gift on time.
Okay. Your kid really needs a Star Wars Mandalorian Darksaber—and you are stretched for time. So you search around, finally find one from a retailer you have never heard of—but they have it in stock. You punch in your credit card number with glee. Yet fraudsters set up fake typosquat websites to trick online shoppers into disclosing sensitive information all the time.
Before making a purchase, it is important to do some research on the retailer. Are they reputable? Do they have the “https” and closed padlock icon in the browser? While these intended symbols of security do not always protect the consumer, they can be a reliable indicator of safety.
It is not that consumers do not recognize the risks of online shopping. Only 26% of those surveyed were totally confident in retailers’ ability to secure their transactions and privacy—but consumer awareness has not translated to action. And today, convenience often trumps caution.
The year 2020 has ‘gifted’ us all with a host of unanticipated scenarios and challenges, some of which threaten online security and privacy. Do not let holiday shopping be one of them.
Employers: beware of WFH shoppers
Unfortunately, risky consumer shopping habits put more than personal devices and information in danger. Some 30% of survey respondents admitted to using their corporate devices to shop online, while 27% allowed household members to use their corporate devices to shop online.
Such behavior threatens corporate security. All it takes is one compromised credential on one employee laptop to potentially cause costly business damage and disruption.
While “Christmas Every Day” makes for great Hallmark Channel movie material, an extended holiday season is not all holly and jolly. Nearly three months of digital deals mean cyber attackers have significantly more time to trick employees with holiday-themed phishing emails, websites, social media scams and more. Stay vigilant, and as you look to the year ahead, make sure organizational cybersecurity strategies align with new realities and consumer behavioral trends. Because as it turns out, shopping—for everything from groceries to cars—is pretty convenient and comfortable from the couch, and it is not going away anytime soon.