Do not let careless cyber hygiene and ruthless scammers ruin your year-end bargain hunting spree …
Ahead of Singles’ Day on 11 Nov, a 12-month analysis of cybersecurity threats targeting the retail industry released by Imperva shows a range of automated threats — from account takeover, credit card fraud, web scraping, API abuses, Grinch bots to distributed denial of service (DDoS) attacks — that the e-commerce industry can prepare for.
Some of the key cyber trends faced by e-commerce platforms surveyed in the past year:
- 40% or so of traffic on retailers’ websites did not come from a human. Instead, it came from a bot. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.
- 23.7% of all the traffic on surveyed retailers’ websites was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots — scripts that use the latest evasion techniques to mimic human behavior and avoid detection — on these retail sites had grown over the prior year (from 23.4% to 31.1%).
- In 2021, bot-related attacks on surveyed retail sites grew 10% in October and by another 34% in November, suggesting that bot operators had increased their nefarious efforts around peak holiday shopping periods.
Tips for Singles’ Day shoppers
- Ensure your software and apps are updated so you have all the latest security patches.
- Do not shop through a public Wi-Fi connection. Instead, use your secure home network, or use a VPN to secure any mobile internet connection.
- Make sure to shop at reputable sites via a secure HTTP link (https://web.address) showing a padlock symbol.
- Be careful of the apps/extensions you download onto your devices. Stick to well-known brands or applications. Be especially wary of free apps.
- Be sure to use a strong, different password for each shopping site’s account, and set up multi-factor authentication where possible.
E-commerce vendor reminders
- Ensure your organization is compliant with all data privacy regulations in your jurisdiction.
- Prepare for a high volume of traffic, as well as DDoS attacks.
- Be sure to have a bot management strategy in place to only allow legitimate customers onto your website.
- Encourage your customers to observe good password practices and offer multi-factor authentication in your system.
- Protect your existing website functionalities and make sure newly added ones are safe, too.
According to George Lee, Senior Vice President (Asia Pacific & Japan), Imperva: “The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022. This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is ever ready to mitigate attacks quickly without disrupting shoppers.”