Yes, you heard that right. Apparently, it is not only shoppers engaging in retail therapy who are taking advantage of shopping websites and apps. This includes hackers launching phishing attacks too!
Cybercriminals have shown heightened activities in the retail industry. Specifically taking advantage of customers who are getting their shopping done via online deliveries. And they have a very intricate way of doing their phishing attacks.
First, they set up fake websites and use this to gather information about customers. Then, though impersonating postal and delivery websites, scammers send out SMS notifications that read as “urgent delivery” or “failed delivery”. Once clicked, customers are routed to the scammer’s site and asked to “verify information” about their packages. This is done by asking them for their personal and payment information. Unsuspecting customers would provide them willingly to ensure that they get their packages on time.
Although there is a significant rise in incidents this year, these phishing attacks are not without precedent. Seasoned retailers know that with the increased shopping activities present a very good opportunity for attackers. As such, business owners have already expected these increases in phishing and other cyber activity. Hence resulting in anticipated cyber stress.
Because these fake sites are impersonations, legit businesses suffer greatly in the process. Seeing that the SMS notifications redirect customers to the pages that look very similar to the legit business, customers are quick to blame them for any mishap or “leak” in their personal and payment information. Thereby resulting in friction between the two parties, when in reality, both are actually victims of the attack
Unfortunately, these cyber attacks are difficult to track and apprehend. Most of the phishing sites limit their activities to focus on easy victims in target countries. Likewise, the fake websites also go dark after a few days or intermittently, stalling or blocking further investigation by law enforcement agencies.
In a blog post by Vladimir Kalugin, operations director of digital risk protection at Group-IB, he said that “The high volume of packages being shipped…makes it easier for scammers to hide among legitimate delivery services.” and because of this, “We recommend users verify sender details, search through official channels cautiously due to scammers’ mimicry, treat messages as alerts, independently access official websites, and be aware of the ongoing schemes,” Kalugin added.
True enough, there is no other way to protect customers but to educate them to become consciously aware that this form of fraud is everywhere. By verifying details and checking official websites of the businesses, customers can avoid getting their information in the hands of cyber criminals.
Similarly, business owners should also take proactive measures from their end and pump up on their website security. Reducing stress by being prepared. Talk to us today and we can help you protect your business and your customers!