Black Friday: beware of cyber attacks

The hunt for Black Friday bargains draws in many consumers who shop online. Unfortunately, amid the excitement, the fundamentals of online security are often forgotten, making consumers and retailers easier and more attractive targets for cybercriminals.

Verizon Business’ Data Breach Investigations Report 2021 (2021 DBIR) recently highlighted that hackers primarily target confidential data stored on devices within stores, including consumer payment details (42%), personal information (41%) and credentials (33%).

If something sounds too good to be true, it probably is!
The retail sector continues to be a target for cybercriminals, and not only on Black Friday. Driven by economic motives, they try to obtain payment card codes and personal customer information. Among the main social engineering tactics used by hackers are pretexting and phishing, which according to DBIR 2021 data are used in 77% of retail breaches, with the former commonly resulting in fraudulent money transfers.

Phishing campaigns can be divided into four distinct groups: scams, such as an email from a relative who is trapped overseas and needs money to get home; brand impersonation, where the message appears to come from a bank or a trusted brand and asks the user to confirm a payment or take advantage of a special offer; extortion, designed to scare the user; and finally Business Email Compromise (BEC), a highly targeted attack on a company or individual. All of these campaigns invite users to click on links that direct them to fake pages or induce them to send confidential information.

During the pandemic, the use of QR codes as a way to order and pay easily has also increased among smaller retailers and hospitality businesses. However, consumers should be careful as these codes could lead to suspicious URLs that, without their knowledge, could make payments, send location details, and connect to their social profiles in an attempt to steal personal credentials and payment information.

If a retailer's offers on its own products seem too good to be true, then they probably are! For this reason it is better to avoid clicking on the links to these “bargains”. Of course, the main advice for escaping phishing scams is not to open emails that look suspicious, even if human nature and curiosity make this easier said than done.

For this reason, regular staff training is the best defense: it explains the tactics used in phishing campaigns and how to spot them, protects confidential company data and helps employees use e-commerce.

Staying the course on security: the responsibility of the retailer
Retailers today must protect the security of their own data and that of their many customers. In an increasingly digital age, it is important for companies to employ all possible solutions and to stay aware of the strategies used by cybercriminals, at all times of the year and not just on Black Friday. Keeping an open mind towards the latest technologies is a valuable way to always stay one step ahead of would-be hackers.

The data show that in the last five years, 35% of the 1,354 breaches that led to the theft of payment card information were due to compromised point-of-sale (PoS) systems used in brick-and-mortar stores, while 38% came from compromised web applications, such as online shopping sites.

These web attacks compromise a website’s payment application by inserting code into the app that captures customers' payment card information as they complete their purchases. These breaches probably don’t make the news, but they can still have serious consequences. Today’s cybercriminals target vulnerable e-commerce applications that allow them to launch effective and automated attacks.

What can companies do to mitigate this threat?

* Understand the importance of software that monitors file integrity: cybercriminals targeting web applications don’t go after data at rest. Rather, they insert a piece of code to capture customer data as customers fill out web forms. To combat this, companies can use software that monitors the integrity of files, add antimalware protection to their payment sites, and patch the operating system and payment application code.
* Embrace innovation: focus on new technologies that make it more difficult for criminals to exploit PoS terminals. These include EMV and digital wallets, or any other method that uses a one-time transaction code rather than the PAN.

Security is everyone’s responsibility
One thing is certain: data security, regardless of where the data is stored (in in-store checkout systems, on a mobile device, on a social account or on a computer), is everyone’s responsibility. Consumers need to be diligent and know who they share their data with and how they interact online. Likewise, retailers have a primary responsibility to protect not only their own brand and data, but also those of the customers who trust their brand.

For many retail organizations, especially smaller ones, the implementation of large-scale security solutions is neither cost-effective nor feasible, but every measure that is implemented, however small, can have a very beneficial impact when it comes to detecting and deterring cybercriminals, and not just on Black Friday but throughout the twelve months of the calendar year.