Hacking Christmas: Cyber Criminals Leverage The Spike In Online Sales 

Computer hacker or Cyber attack concept background

Expert identifies 4 cornerstones of retailer’s cyber security

PwC’s 2020 US Holiday Outlook indicates that 61% of those surveyed will do most of their shopping online, as 55% mentioned the pandemic being the biggest concern preparing for Christmas this year. Accenture provides similar estimations with 75% respondents claiming  they would at least partially shop for Christmas online.

Ecommerce vendors aim to grow their profits due to increased traffic in online stores, but this puts them in the spotlight of cyber criminals, who use similar tactics every year. If the website goes down for a day, retailers lose as much as £19,000 of revenue (£134,850 per week) and in the midst of the holiday shopping spree the numbers are supposedly higher.

“Due to more people shopping online, the number of cyber attacks are projected to increase. 57% of retailers say the surge in online sales has made cyber security especially difficult and 83% of the top US retailers have connections to vulnerable third-party assets. Hackers try to take advantage of increased traffic in the online stores to trigger the Denial of Service (DoS) attack and temporarily shut down the website or gain access to user account information. They may, for example, utilize bots, some of which are programmed to snatch the best deals, while others try to break into the user’s account and obtain sensitive data” says Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.

Last year, Magecart group managed to implant a card-skimming code on Macy’s website and leak crucial payment information, including, but not limited to, name, address and credit card number.  This year, Magecart attacks are also considered as one of the most dangerous client-side vulnerabilities.

Hackers also leverage social engineering techniques as the online communication in holiday time surges. “Using hijacked vendors’ emails, criminals can distribute scams through reputable and trusted channels and acquire sensitive client data. Remote work also multiplies the risk.” warns NordVPN Teams expert.

Think about private information. Employees should only be able to access the internal systems through two-factor authentication and guest checkouts shouldn’t be allowed. “Some of the hackers use so-called ‘friendly fraud’. They purchase the products and then require a refund after the items have reached their hands. More sophisticated ones make use of traditional social engineering practices and attempt to breach ecommerce websites” says Gurinaviciute.

Be careful with third-party solutions. Many smaller retailers depend on the content management systems (CMS) and various ecommerce plugins. They require some degree of system integration, which can become a gateway for criminals in the event of cyber attack. It is thus wise to limit third party access to any consumer’s private and payment information, a policy known as a “least privilege”. However, third-party solutions are indispensable while handling the payments, as established providers ensure trustworthy encrypted tunnels for financial operations.

Take a good look at your website. There are various signs that websites can be trusted and one of the most important is the presence of a secure socket layer (SSL) certificate, which safeguards any data that flows in and out of the website. It is indicated by the ‘https’ at the beginning of the URL or a lock icon in some of the browsers. Don’t forget that the website theme and general appearance are also telling.  Updating a website’s plugins is also relevant as cyber attackers try to leverage their bugs to infiltrate web pages. Important data on servers has to be backed up every once in a while or an automatic backup has to be set, preferably on the offline storage.

Teach and learn. Cyber security and tech landscape changes quickly and constant learning is necessary to keep up with the advancements. The best way to avoid a disaster caused by cyber attack is to ensure businesses have an up-to-date and functioning crisis management strategy and all workers are instructed about necessary actions they should take in the case of emergency. Risk and security awareness training  is crucial, especially if they work remotely.

About NordVPN Teams

NordVPN Teams is a cloud-based VPN for business from the world’s most advanced VPN service provider, NordVPN. NordVPN Teams has a full range of features to ensure convenience and powerful digital protection for organizations of all sizes, freelancers, and remote teams. NordVPN Teams offers advanced 256-bit encryption, secure remote access, malware blocking, two-factor authentication, unsecured traffic prevention, automatic connection on Wi-Fi networks, and 24/7 customer support. NordVPN Teams is available on all major platforms.

Comments are closed.