The Planner, the Last-Minute Scrambler, the Bargain Hunter, the Impulse Buyer or the Researcher: five shopper profiles that cybercriminals target assiduously!

The number of cyberattacks continues to rise and mutate all the time. In 2022, the most alarming has been the sharp increase in malicious bot attacks, where we recorded a three-fold increase in such attacks.

What this means for the retail industry is the likelihood of increased “credential stuffing”, where attackers use lists of compromised user credentials to breach into a system; and launch data scraping attacks, where they can import information from a website into a spreadsheet or local file saved on your computer.

During this holiday season, it is no surprise that attackers are looking to take advantage of the peak online retail activity since there is much to gain financially, especially in Asia that accounts for approximately 60% of global ecommerce sales.

It is essential that both shoppers and retailers work together to learn how to watch out for scams and protect themselves. So, to help readers do so, we would like to describe five common shopper profiles observed during previous year-end shopping periods and the cyber scams each profile should watch out for.

Dean Houari, Director of Security Technology and Strategy, APJ, Akamai

Five types of year-end shoppers
Here are the five different profiles, together with their most vulnerable traits, and tips to help them stay safe online:

The PlannerThe Last Minute ScramblerThe Bargain HunterThe Impulse BuyerThe Researcher
You can spot a planner miles away! Planners have their presents wrapped and ready, months before the holidays. Making and planning purchases well ahead of time, Planners often save their credit card information, log ins and other personal information on shopping sites.Behaving opposite to what Planners do, Last-Minute Shoppers often remember it is sale day just before the clock strikes midnight. They snag their deals, but it is always down to the wire for them!The price point is the most significant purchase consideration for these shoppers, who would arduously sift through various sites to get a substantial deal.Driven solely by emotions, impulse shoppers often do not have a specific product in mind before placing an order. They often respond to time pressure to access a coveted item on a limited time offer, at a price too good to refuse.Researchers extensively compare products and offers before purchasing.

They often have various browser extensions installed on their browsers to speed up their price and features comparisons.
Most likely to fall for:
Credential Stuffing
Most likely to fall for: Phishing scamsMost likely to fall for: Social Engineering AttacksMost likely to fall for: Brand ImpersonationMost likely to fall for: bad browser extensions
During such attacks, based on the assumption that many users reuse usernames and passwords across multiple services, hackers use lists of compromised user credentials to breach a system via malicious botsIn their rush, the Last-Minute Shopper is likely to accidentally click on untrustworthy links and fall prey to phishing scams. What appears to be an email from a reputable retailer with a coveted discount may be fraudulent, but the last-minute shopper does not usually have time to check.
With the rise of online marketplaces, this is becoming more common.
Bargain hunters would be likely to click on spoofed emails or accept malicious browser extensions that function as price comparison tools.
Attackers prey on such buyers’ eagerness for a good deal by sending them fake offers that ask for their personal data — even impersonating legitimate tools like Google Analytics or Google Tag Manager to compromise code and steal valuable information.
Via fraudulent links, cybercriminals impersonate popular brands, tricking victims into sharing personal information, buying contraband products, visiting a fake website, downloading malware, and more.

Exacerbating these trends are social media channels where attackers can easily impersonate brands, engage with customers seeking to purchase items, and ask for personal details.
Cybercriminals hide viruses behind browser add-ons, which can then install adverts, gather users’ browsing histories, steal login credentials by impersonating famous apps and extensions, and abuse contact lists to ask the victims’ friends for money.

Such malicious extensions could go undetected especially if security software programs treat known extensions as trusted applications.
Tips for protectionTips for protectionTips for protectionTips for protectionTips for protection
• Be wary of saving payment details on merchant websites. While this may be convenient, it can leave data vulnerable if the merchant is breached.

• Practice good password hygiene by setting up different passwords for different sites. Better yet, use a password manager to set up unique, difficult-to-guess passwords.
• Verify the validity of sites before visiting them or providing any personal information therein.

• If emails are unsolicited, be alert to any telltale signs of low quality work. Do not proceed if it includes wrong information or requests to enable macros, adjust security settings or install applications.
• Always verify the validity of the offer and the legitimacy of the sender.

• Use a good spam filter for emails as a first barrier of defense against suspicious files and links.
• Scrutinize links provided in emails and be on high alert if they are not pointing to the correct location or direct to a third-party site not affiliated with the brand.

• If in doubt, reach out to the brand on their official channels to verify offers before clicking on any links to make payments. Make sure to check that accounts are verified.
• Only install extensions from official Web stores, and even then, be aware that such stores can contain zero day malware or compromised apps.

• If any extensions or apps require extensive permissions to your device, do not install them

Retailers must also do their part

Attacks on popular retail behemoths in the last few years have revealed important lessons for merchants. Many readers may still remember the malicious bot attacks tripling during Single’s Day last year: prevention is better than cure.

Taking proactive steps to monitor potential threats and being ready to block unauthorized access and keep shoppers safe throughout their retail experience is essential. This could include deploying a bot solution to stop credential stuffing attempts early and using password managers and multi factor authentication to secure users.

Failure to do so may, immediately or in the future, could let cybercriminals drain customer accounts, damage site functionality, and cause encrypted data to be held ransom — all at enormous costs to businesses.