Cybercriminals aim to cash in on Internet-shopping frenzy during pandemic

With more people than ever choosing to do their holiday shopping online, cybersecurity experts warn that criminals are also out in force in the digital marketplace. (File/AFP)
Short Url
  • Both retailers and customers have a responsibility to reduce the risk of fraud, security experts say
  • The retail sector is a particularly attractive target for cybercriminals, in light of the increased e-commerce activity during the pandemic

RIYADH: With more people than ever choosing to do their holiday shopping online because of the coronavirus pandemic, cybersecurity experts warn that criminals are also out in force in the digital marketplace and advise shoppers to be particularly careful.
This is especially true for people who use equipment supplied by an employer. In a report titled Company-issued Computers: What Are Employees Really Doing With Them?, online security software company Mimecast said that the majority of people already use work devices for personal tasks, including online shopping, and the number is growing.
For example, 87 percent of respondents in the UAE said they had used work devices for things not related to their job, including 37 percent who admitted shopping online. In addition, 66 percent said their personal use of work devices has increased since the start of the pandemic. This increases the risk of cybersecurity problems, experts warn.
Mimecast’s Threat Intelligence Center found that COVID-19 is not the only problem spreading rapidly around the world. Between January and October, it detected and blocked more than one billion malicious online threats, a 34 percent increase over the same period in 2019. Cyberattacks in October were up 22 percent compared with September, with retail and wholesale the most-targeted industry sector.
Werno Gevers, regional manager at Mimecast Middle East, said that while many organizations have adapted their security policies and introduced additional cybersecurity-awareness training in an effort to keep remote workers safe, employees need to be more careful about threats and sharing personal information online.
“The research showed that 81 percent of participants had received specific work-from-home cybersecurity training, yet 61 percent still admitted to opening emails they thought were suspicious,” he said. “This shows that while there is a lot of awareness training offered, the content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cybersecurity risks.
“Training needs to be regular and memorable if organizations are to protect workers and company systems from compromise.”
The retail sector is a particularly attractive target for cybercriminals, in light of the increased e-commerce activity during the pandemic and the potential for stealing financial data or credentials.
Mimecast researchers said that cyberattacks on retail organizations are likely to remain at high levels throughout the December shopping period.
“Retailers also need to take steps to ensure their brands are not being hijacked online and used to launch cyberattacks on shoppers,” said Gevers. “By taking ownership, retail brands can prevent criminals from turning the busy shopping period into a phishing frenzy.”
Phishing refers to fraudsters who pose as legitimate, trustworthy organizations or businesses in an attempt to trick a victim into revealing sensitive personal information.
As part of its regular security research, Mimecast monitored 20 leading global retail brands and found almost 14,000 suspicious, recently registered website domains using names related to those brands. Additional registrations continued during the observation period. On some occasions, Mimecast saw between 53 and 87 suspicious domains registered in just one day for a single retailer.
“The damage to a company’s reputation following a successful online brand exploit can take a long time to repair, so it’s in the best interest of the organization and its customers to take preventative measures,” Gevers said.
Saudi cybersecurity expert Abdullah Al-Jaber urged anyone intending to shop online during the holiday period take extra care, especially when dealing with unfamiliar websites that look shady or suspicious. He also advised against using work computers or other shared devices for any online activity.
“Don’t use a work laptop for personal use, such as emails and surfing the Internet,” he said. “Make sure to enable two-factor authentication whenever available on any platform and use complex passwords that cannot be guessed easily. And, of course, report any suspicious emails or calls.”