Black Friday & Online Fraud – What Have We Learnt?
By PlanetVerify on 29 Dec 2017
Last month consumers enjoyed another frenzy of slashed prices and bargain basement price tags. Black Friday brought its usually flurry of financial activity, kicking off the holiday season. Year on year, the shift in purchasing methods has increased. We’ve come a long way from queueing for stores to open, when consumers can now engage in online spending from the comfort of our own homes or via mobile on the go.
According to The Wall Street Journal, in 2017 the number of Black Friday in-store sales dropped by 4% while online purchases increased by a whopping 18%. With the power of the online advertising industry and ease of online access and use, not only are more people choosing to do their Black Friday spending online but they’re spending more online too.
What does this mean for cybercrime?
The more transactions that are made, the better. Online fraud thrives when it can be easily concealed. Although it’s still too early to analyze recent stats for this year’s online fraud activity, specific to Black Friday, stats from Kaspersky Lab show that last year financial phishing accounted for an enormous 49.77%, making up nearly half of all phishing attacks. We expect to see those numbers reflected and possibly increase in results from this year’s sales. As consumer purchasing increases, so shall the opportunity for fraud.
How does it work?
When consumers use online payment methods to make transactions, their personal data may be at risk. On Black Friday, banks see a huge increase in mobile and online account logins and authorizations, causing a distraction for online fraudsters. Bot attacks are launched to ‘phish’ for personal data and then use that data to attempt purchases and payments. Since traffic is inordinately high it’s significantly harder to spot bot attacks on Black Friday than any other day of the year. With the tech advances of 2017, botnet and malware attacks are so advanced that they can closely and discreetly mimic trusted user behavior. Once they discover the personal data they need, these stolen or synthetic identities can be used in myriad ways to perform fraudulent and hugely damaging online purchases on a massive scale.
One of the most effective uses of botnet fraud in the retail sphere is account origination fraud. Defined as the use of stolen identities, or often false identities built around stolen personal data, to create new accounts, account origination fraud is even more difficult to detect at times of extremely high traffic. On Black Friday this is more than true when personal data transactions increase as do new account creations for genuine purchasing reasons.
What can we do?
Verify true identity and minimize fraud. Here’s a brief list of things to watch out for:
1) Email Phishing: fraudsters will send out polished emails emulating those of trusted retailers promising offers and promotions so berserk they seem far too good to be true, even on Black Friday. That’s because they are. And you should ignore them. These emails will take you down a route that requests personal data or infects with inadvertently downloaded malware.
2) Fake Sites: these are exactly what they say on the tin. You see a great pair of shoes or brand new smart phone and decide to treat yourself to a Black Friday deal. The problem is, these sites are built to mirror those they are impersonating. They can look and feel the same, with similar products, prices and even shopping cart functionality. The best way to spot these is to check the URL. If it ends with .org, .net, or has a completely different name to that of the company you are attempting to purchasing from, back away. Look out for sites beginning with https:// – these are generally better protected and less likely of infecting you with malware.
3) Pop Up Phishing: Never provide more information to an untrusted web site other than your name, email address and phone number. When making a purchase or browsing you should not be asked to answer ‘security’ or verification questions involving personal data. Never disclose this information.
PlanetVerify offers an end-to-end solution for retailers and consumers alike. From lessons learnt this year, let’s prepare for a safe and secure 2018. Our app allows for fast, effective and ultra secure encrypted personal data storage and management, for consumers on the go. The holiday season should be about relaxation, celebration and joy. Our motto is to collect, store, verify and comply, so you can sit back, relax, and shop or sell from wherever you want to go.