Cybercrime Christmas is Coming

This year looks like being a bumper Christmas for cyber-criminals, who are now gearing up for the shopping season as eagerly as the leading retailers, who make over half their annual revenues in this short period.

Last year saw online Christmas sales rocket, with a massive 51% year-on-year jump in the final week before December 25. But last year also saw a sharp peak in cyber fraud targeting retailers, with refund scams, fake vouchers and coupons, and carding cons growing sixfold in the month leading up to last Christmas.

Since then, cyber-criminals have had 12 months to hone and perfect their skills as a growing number of shoppers opt to make more of their purchases online. During 2017, in-store shopping fell by 3.7% in the UK while online shopping rose by 3.6%, making the UK an increasingly attractive target for organized criminal gangs, many of which now operate from outside the UK in countries such as Russia, where the authorities refuse to prosecute criminals within Russia for cybercrimes perpetrated outside the country.

This year has already seen growth in techniques aimed at defrauding online retailers and their customers. Retailers and their customers are especially vulnerable to increasingly popular credential stuffing tools which automate the verification process of credentials, allowing hackers to acquire credentials in the millions on the Dark Web and test them against online marketplaces to give them access to online shopping accounts.

Online links to fake special offers often direct unwary consumers to spoof websites of famous brands which are virtually indistinguishable from the genuine ones. Online shoppers conned in this way have had little or no redress, and the retailers and brands affected have suffered corresponding damage to their reputations and brand image.

Online vendors have far less leeway on pricing than traditional high-street retailers. In the online world, the competition is only a click away and retailers have found a consistently downward pressure on pricing to a point where many charge the same price for the same branded goods.

In order to differentiate themselves, some leading retailers are offering additional benefits to online shoppers. These include refund policies favoring the consumer. This can be particularly effective in the fashion industry, where potential online clothes shoppers might otherwise be wary of purchasing clothes without being able to try them on first.

Refund fraud among most significant revenue threats

Today’s cyber-criminals are constantly identifying cyber-security gaps in online retailing, and CyberInt’s latest research shows that fraudulent refunds rank among the most significant threats to retailers’ revenue; refund fraud does not require the cyber-criminal to have any special technical or hacking skills.

Fashion retailers are likely to be the hardest hit by refund fraud during the current seasonal shopping spree. The fashion industry accounts for 72% of fraudulent refunds, making it the most targeted industry. The electronics industry is next, accounting for 14% of fraudulent refunds, followed by consumer goods, which account for 10%, and then the cosmetics industry, which accounts for 4%.

Refund fraud scams are becoming increasingly organized. The process is generally one whereby the cyber-criminal publishes a post aimed at attracting dishonest consumers interested in making a fast buck. Once the corrupted consumer has agreed to co-operate, organized cyber-criminals approach a targeted online retailer to request a refund. The online retailer or brand, anxious to provide a customer-centric service, approves the refund. The fraudulent refund is then split between the customer and cyber-criminal. In the online market, it is no longer compulsory to see those products returned for refunds, making it even harder to prevent this type of fraud.

The reason the fashion and clothing industry is being so heavily targeted by online fraudsters is that it has a traditionally high level of returns. Following Christmas 2014, 46% of online shoppers returned their clothing purchases. However, although the electronics industry accounts for only 14% of fraudulent refunds, the refunds offered by cyber-criminals to online consumers are highest in the electronics industry because of the relatively high cost of its products.

The fact that organized cyber-criminals frequently operate from outside the countries where the refund scams are taking place makes it extremely hard for retailers to prosecute them. CyberInt’s research has uncovered that 48% of fraudulent retail scams emanate from the US, and 32% from Europe, mainly Russia.

Retailers and brands anticipating a bumper shopping season must be increasingly vigilant this year if they are to avoid seeing their profits whittled down by scams such as fraudulent refunds and their customers’ accounts hacked via increasingly popular credential stuffing techniques.
