Continue reading this on our app for a better experience

Open in App
Floating Button
Home Digitaledge Digital Economy

Cyber scams to avoid this holiday season

Nurdianah Md Nur
Nurdianah Md Nur • 5 min read
Cyber scams to avoid this holiday season
Here are five common shopper profiles observed during the year-end shopping period and the cyber scams they should watch out for. Photo: Unsplash
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

The holiday season is, unfortunately, a favourite season for cyber attackers too.

“It is no surprise that attackers are looking to take advantage of the flurry of peak retail activity online during the extended shopping festival season since there’s much to gain financially, especially in Asia that accounts for approximately 60% of global ecommerce sales. It’s essential that shoppers and retailers work together to learn how to watch out for scams and protect themselves,” says Dean Houari, director of Security Technology and Strategy for APJ at Akamai.

Here are five common shopper profiles observed during the year-end shopping period and the cyber scams they should watch out for, according to Akamai.

1. The planner, who makes and plans purchases ahead of time. They often save their credit card information, logins and other personal information on shopping sites.

Most likely to fall for: Credential stuffing

During such attacks, attackers use lists of compromised user credentials to breach a system via malicious bots, based on the assumption that many users reuse usernames and passwords across multiple services.

See also: Alibaba anoints new chief in revamp of stalling commerce arm

Planners can protect themselves against credential stuffing by being wary of saving payment details on merchant websites. While this may be convenient, it can leave data vulnerable if the merchant is breached.

They should also practise good password hygiene by setting up different passwords for different sites. Alternatively, they can use a password manager to set up unique, difficult-to-guess passwords.

2. The last-minute scrambler, who snags deals at the very last moment

See also: Break up Google? What’s at stake in antitrust action

Most likely to fall for: Phishing

In their rush, the last-minute shopper is likely to accidentally click on untrustworthy links and fall prey to phishing scams. What appears to be an email from a reputable retailer with a coveted discount may be fraudulent, but the last-minute shopper does not have time to check.

Earlier this year, Singapore's most popular peer-to-peer sales platform was affected when attackers posing as legitimate buyers directed victims to a fake bank website where they would be asked to give their banking details to receive payment. This resulted in at least 72 people losing over $109,000

Last-minute shoppers should always verify the validity of sites before clicking on them or providing any personal information. They should also be alert to any potential errors in unsolicited emails. They must not proceed if it includes wrong information, or requests to enable macros, adjust security settings or install applications.

3. The bargain hunter, who would sift through various sites to get a substantial deal.

Most likely to fall for: Social engineering attacks

Attackers prey on buyers’ eagerness for a good deal by sending them fake offers that request for their personal data on a page, even impersonating legitimate tools like Google Analytics or Google Tag Manager to compromise code and steal valuable information, impacting shopping sites.

To stay ahead of the latest tech trends, click here for DigitalEdge Section

To protect themselves against social engineering attacks, bargain hunters should always verify the offer's validity and the sender's legitimacy. Using a good spam filter for emails, as the first barrier of defence against suspicious files and links, is also good practice.

4. The impulse Buyer, who often responds to time pressure to access a coveted item on a limited-time offer, at a price too good to refuse

Most likely to fall for: Brand impersonation attacks

Via fraudulent links, cybercriminals impersonate popular brands, tricking victims into sharing personal information, buying contraband products, visiting a fake website, downloading malware, and more. Exacerbating these trends is social media, where attackers can easily impersonate brands, engage with customers seeking to purchase items, and request for their personal details.

Impulse buyers should scrutinise links provided in emails and be on high alert if they are not pointing to the correct location or direct to a third-party site not affiliated with the brand. If in doubt, they should reach out to the brand on their official channels to verify offers before clicking on any links to make payments.

5. The researcher, who often has various browser extensions installed on their browsers to make quick comparisons before purchasing.

Most likely to fall for: Extension malware attacks

Cybercriminals hide viruses behind add-ons, which can then install advertisements, gather users' browsing history, and seek login credentials by impersonating famous apps and extensions. Malicious extensions could go undetected, especially if security software programs treat known extensions as trusted applications.

Most recently, attackers have been using information-stealing malware like FB Stealer, which mimics the harmless and standard-looking Chrome extension Google Translate, to prey on users. After effectively locking a user out of their Facebook account, attackers abuse access to ask the victim's friends for money.

To defend against extension malware attacks, buyers should only install extensions from official Web stores.

Retailers are responsible for providing a safe shopping experience too. “To ensure long-term loyalty, retailers must make every effort to keep shopper data safe. This could include deploying a bot solution to stop credential stuffing attempts early and using password managers and multi-factor authentication to secure users,” says Houari.

×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.