Christmas in July: CyberInt Research Warns that Amazon Prime Days Inspire Cybercriminals to Shop for Victims
Black Friday & Cyber Monday Threats Have Returned in Force
TEL AVIV, Israel, July 11, 2019 /PRNewswire/ -- Amazon Prime Days is a summer rerun of Black Friday, Cyber Monday, and Christmas shopping – significant price reductions together with a concurrent increase of threat actor activity in the deep and dark web.
Looking back, the December 2018 holiday shopping season generated 30% higher than usual threat traffic. Based on monitored Dark Web chatter, CyberInt Research expects similar results leading up to Amazon Prime Days and the days following. CyberInt is the leading cybersecurity provider of managed threat detection and mitigation services to digital consumer businesses.
"Unfortunately, the more retailers do for their customers, the more opportunities cybercriminals have to find ways to take advantage of it," says Daniela Perlmutter, Vice President of Marketing of CyberInt. "As part of our mission to help ecommerce players and their customers be more cyber resilient, we're trying to inform as many people as possible about how to protect themselves."
Five Tips for Retailers to Protect Their Customers
1. To protect against threat actors using their brands to lure customers, retailers need to:
- Identify abandoned subdomains that may be claimed by threat actors and used for phishing, social engineering, and session hijacking
- Claim domains with high similarity to yours that may mislead clients and be used by threat actors – for example Wallmart or Targett
- Raise awareness among employees and customers regarding phishing attacks via email and websites
2. Apps mimicking the look and functionality of your brand's official mobile app can trick users into installing them and may carry out a variety of malicious actions.
- Constantly seek out the fake apps and have them removed immediately
- Recommend that your clients only download apps from recognized mobile app stores, such as Apple App Store, Google Play, and Amazon Appstore.
3. Due to the significant increase in shopping traffic, it's easier for cybercriminals to disguise their actions. Account checkers and credential stuffing attacks, which predominantly exploit password reuse across sites and use compromised data from third parties to attempt to access your service, are expected to increase during the next week or so.
To fight this, ecommerce companies should:
- Limit the number of accounts that can be registered from one IP address in a certain period of time
- Consider IP monitoring and blacklists, and restrict automated processes by using geo-location and/or IP address block lists to limit access to valid IP address ranges only, e.g. block VPN and dark network addresses, as these are likely being used by nefarious parties to mask their locations
- Limit the number of login attempts per HTTP client
4. Retailers regularly face fraudulent refunds and inventory manipulation. To protect against these types of attacks, retailers need to:
- Monitor their online assets to identify threats
- Automatically cancel orders involved in fraudulent activity
- Block accounts identified as the cause of these fraudulent activities
- Have a strict return policy in place
- Build and maintain a set of rules to identify fraudulent accounts and requests so they can block them before they are approved.
5. Unfortunately, in many situations, employees are the weakest link and fall prey to social engineering attacks, like spear phishing. Employees with access to sensitive data need to be educated about the rising risks during peak shopping times.
For longer-run protection from Prime Days to December 26 and beyond, retailers need to:
- Increase customer awareness about the risks of password reuse, phishing, and brand appropriation
- Install an AI solution to analyze behavior of normal customer connections to detect anomalous activities, with automated mitigation such as prompting the customer for an additional authentication or restricting access to the account to prevent fraudulent use
- Invest in threat intelligence monitoring to detect credential dumps from third-party compromises before they become actual threats. This gives retailers time to audit their own customers' accounts for potential password reuse and to take proactive measures, for example, forcing password changes and/or advising customers of the potential breach and the dangers of password reuse.
- Managed threat intelligence monitoring can take investigations further to expose the threat actors' identities, uncovering exact methods and techniques to try to prevent future fraudulent activities.
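The three controls listed under tip 3 (a cap on registrations per IP address, a cap on login attempts per HTTP client, and spotting account checkers) can be sketched as follows. This is an added example, not CyberInt code; the `Gate` and `replay` names, the thresholds and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against real traffic.
WINDOW_S, MAX_LOGINS, MAX_SIGNUPS, MAX_FAILED_USERS = 300, 10, 3, 5

class Gate:
    def __init__(self):
        self.logins = defaultdict(deque)   # (ip, user agent) -> (ts, user, ok)
        self.signups = defaultdict(deque)  # ip -> (ts,)

    @staticmethod
    def _trim(q, now):
        # Drop events that have aged out of the rolling window.
        while q and now - q[0][0] >= WINDOW_S:
            q.popleft()

    def signup(self, ip, now):
        q = self.signups[ip]
        self._trim(q, now)
        if len(q) >= MAX_SIGNUPS:
            return "block"
        q.append((now,))
        return "allow"

    def login(self, ip, agent, user, ok, now):
        q = self.logins[(ip, agent)]
        self._trim(q, now)
        q.append((now, user, ok))
        # One client failing against many *different* accounts is the
        # signature of an account checker, not a forgetful customer.
        failed_users = {u for _, u, good in q if not good}
        if len(failed_users) >= MAX_FAILED_USERS:
            return "stuffing"
        return "throttle" if len(q) > MAX_LOGINS else "allow"

def replay(events):
    gate, verdicts = Gate(), []
    for kind, now, ip, *rest in events:
        verdicts.append(gate.signup(ip, now) if kind == "signup"
                        else gate.login(ip, *rest, now))
    return verdicts

# Constructed sample traffic (documentation IP ranges, made-up usernames).
SAMPLE = (
    [("login", t, "198.51.100.20", "Firefox", "dana", t == 30) for t in (0, 10, 20, 30)]
    + [("login", 40 + i, "203.0.113.7", "script", f"user{i}", False) for i in range(6)]
    + [("signup", 100 + i, "203.0.113.7") for i in range(4)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The customer who mistypes a password three times is never flagged, while the scripted client is marked on its fifth distinct failed username, well before the plain attempt cap would trigger.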
Six Tips for Customers to Enjoy Their Discounts Safely
1. Inspecting site security is the first critical step for proactive cyber protection.
- You need to ensure there's a lock on the website you're browsing on. If it's a fraudulent website – even if it looks legitimate – the lock won't be there. The lock indicates a secure mode where communications between browser and web server are encrypted. This type of connection is designed to prevent anyone from reading or modifying the data you exchange with the website. If the lock is green, it is legitimate. If it is red, it is probably using an expired certificate or the server is misconfigured – warnings not to perform transactions on the site.
2. Change your approach to passwords
- Use different passwords for different accounts and websites to reduce your risk if one of the accounts is exposed.
- Use strong passwords with at least 10 characters, including capital letters, numbers and special characters
3. Protect yourself against phishing websites and emails, especially if they ask you to log in with your username and password
- Verify that the URL you're using is the real URL. Just because the logo and colors are real doesn't mean the site is real
- Is the offer too good to be true? If it is, it's probably not true.
- Read the content carefully. Cybercriminals don't generally write in the style of legitimate businesses. They may not use correct grammar, spelling or punctuation. The content may not even make any sense.
- Check the links. You can hover over a link to see where it leads without actually clicking. Ensure it matches the legitimate site. If it is shortened, that's a quick clue that it isn't safe.
- Do not download any attachments. If it's a legitimate message, you'll most likely be directed to the customer service site if you need to download anything.
- If it's an email, check to see if the sender is someone you know.
4. Think twice before clicking an ad.
- Cybercriminals are Google AdWords experts, too. If an ad asks for your login details, stop immediately. You've probably been phished. If the advertisement is linking to a special at the retailer's site, go to the site directly to find it.
5. Be skeptical about egifts and vouchers
- Offers that are too good to be true often are. If answering a simple survey – asking for your username and password – rewards you more generously than expected, it is not a legitimate site.
- Survey scams are typically shared via social media or pop-ups on unrelated websites and will collect personal information in addition to encouraging victims to sign up for services that they may not want. These are typically used to gather personal information for later fraudulent or nefarious use as well as making money for the threat actor through referrals.
- Only purchase gift cards and digital goods from reputable outlets. Listings on personal ads or auction sites may be for gift cards or digital goods obtained using stolen payment card data or from stolen accounts. Ensure that you have received a legitimate link for purchase or redemption.
6. Be wary of SMS and WhatsApp advertisements
- Never share or provide your password.
- Don't open messages from unknown numbers or contacts.
- Link shortening technology can disguise fraudulent links.
- Check where the link is directing before clicking it.
By being aware of the potential hacks and remaining vigilant, consumers can better ensure that they are getting real bargains during their transactions and not exposing themselves to identity theft, fraud, and other threats.
Any brands mentioned are trademarks of their respective owners.
About CyberInt Research
CyberInt Research investigates adversary tradecraft and tactics, techniques and procedures (TTP), focusing on threats to various sectors and industries across regional locations. The CyberInt Research team tracks new and emerging threats and threat actors to provide insights into their capabilities and operations.
About CyberInt
CyberInt (http://www.cyberint.com) transforms cybersecurity into a business enabler with targeted threat detection and mitigation. CyberInt delivers the only digital risk and threat intelligence platform combining cyber expertise and profound business understanding to deliver insights and actions that protect what matters most: the business goals, customers, employees, and brand. CyberInt serves top retail, finance, and gaming organizations around the world and has developed a deep understanding of the threats, needs, and behaviors particular to each industry.
CyberInt Media Contact
Amy Kenigsberg
K2 Global Communications
http://k2-gc.com/
amy@k2-gc.com
tel: +972-9-794-1681 (+2 GMT)
mobile: +972-524-761-341
U.S.: +1-913-440-4072 (+7 ET)