This Friday is Black Friday, the biggest retail holiday in the world. With shoppers looking to the internet to find the best bargains, the holiday has quickly moved online, with Cyber Monday fast becoming just as well-known. But shoppers should also be wary of a Cyber Monday scam that’s on the rise.
British shoppers are expected to spend a staggering £8.29bn over the Cyber Weekend (the weekend after Black Friday) with £13.41m expected to be spent every minute.
Unsurprisingly, the increase in online transactions brings with it a significant rise in the number of cyberattacks, as cyber criminals take advantage of peak shopping times to steal personal information undetected. A recent report by ACI Worldwide predicts that there will be a 14% increase in fraud attempts during the 2018 holiday season.
Malicious attacks have traditionally used reward scams, fake prize draws and fraudulent email campaigns to attract shoppers keen to find a bargain, but with the rise of mobile commerce, cyber criminals are adopting new tactics as well.
Fake mobile apps: The Cyber Monday scam on the rise
One of the tactics used to trick shoppers is fake mobile apps. A recent report by network security company RSA found that over the last quarter, rogue apps accounted for one-quarter of all fraud attacks. In fact, fraud from mobile browsers and mobile applications in general is on the rise, with a year-on-year increase of 27%.
According to RiskIQ, 5% of apps created specifically for Cyber Monday were found to be malicious.
Rusty Carter, VP of Product Management at Arxan Technologies, believes that the convenience of mobile commerce can bring with it an increased risk of phishing attacks:
“The new opportunities associated with the growing range of mobile commerce services also entail new risks: business transactions via web and mobile applications – be it payment transactions or the transmission of sensitive personal data – are particularly threatened by cyber manipulations and open up a range of possibilities for fraud and data theft.
“Fake apps have also become a problem for mobile online commerce. The often deceptively authentic-looking counterfeit products act as official apps for well-known brands, playing off unsuspecting consumers in a variety of ways. More worryingly, these fake apps are published on official app stores such as Google Play and Apple’s App Store. Not only does this leave consumers vulnerable to attack and data exposure, but it also has the potential to damage the reputation of the organisation whose apps are being mimicked.”
Recently, online stores such as Shopper Approved, TechRabbit and Kitronik have fallen victim to attacks from online credit card theft group Magecart. The group uses payment card-skimming malware to harvest shoppers’ card details, and managed to access the details of several hundred of the 7,000 Shopper Approved customers.
Carter offers the following advice for those looking to avoid being the victim of this kind of attack this Cyber Monday:
“The recent wave of attacks is placing a stronger emphasis on what we already know — software vulnerabilities, incorrect configuration and other holes in defences are not going away, and attackers can use a company’s own software against it and its customers.
“While existing best practices continue to be relevant, there are additional security measures that can be taken to address specific attacks like Magecart. Organisations should implement certain mechanisms and controls that continually monitor code for injection and detect when code is being modified, as once an attack is detected these same mechanisms can provide real-time alerts and trigger processes to deactivate accounts, remove malware and nullify any progress made by attackers.”