Over the last couple of years, consumers in the region have slowly pivoted to online merchants for all their shopping. As a case in point, according to a report from Visa Middle East, ecommerce sales in the UAE are estimated to grow at a CAGR of 23 per cent annually between 2018 and 2022.
And these projections were before COVID-19 — with the outbreak of the pandemic, there has been an exponential growth due to the limitations of physical shopping, social distancing, and convenience of ordering from a smart device with minimal COVID-19 risk.
With far greater numbers preferring online shopping for holiday sales, it creates a predictable risk. As an example, consider how effective a phishing attack targeting consumers who plan to purchase electronics from a regional retailer can be if the email template is identical to a real advertisement but the URLs have been spoofed to capture credentials for fraudulent sales.
Read More
Open season for attacks
Against this backdrop, I do expect the threats from cybercriminals to intensify this holiday season. Individuals in many countries are still experiencing work-from-home mandates and several countries are now reentering lockdown.
This pattern with continue through the holiday season. And with people looking for entertainment and social outreach, the Internet will be flooded with new attacks targeting individuals looking for an outlet to the world.
People have more time on their hands than ever before and surfing the web is just one medium they have been using. With that, threat actors will leverage the information they crave the most to craft their attacks.
Falling easy prey
The most common mistakes people make when it comes to their personal cyber security, as it relates to general internet use and online shopping, are:
• Reusing passwords on multiple sites. Every site should be unique;
• Using simple or guessable passwords;
• Using the same email account for shopping, work, and/or financial transactions;
• Not applying security updates to their browser, computer, or mobile device;
• ‘Jail-breaking’ their mobile device, leaving it exposed to advanced attacks;
• Using their computers with administrative rights in lieu of a standard user;
• Clicking on links in emails or webpages that could lead to malicious content’ and
• Sharing accounts with others, something we typically see for streaming services.
To that end, I recommend consumers follow a few basic security practices, when shopping online this season, to protect against cybercriminals and ensure they don’t fall prey to attacks.
Mandatory steps
• Do not purchase any merchandise online with a debit card and minimize any direct credit card usage;
• Make online purchases with a third-party proxy like PayPal or Apple Pay that is linked to a credit card or debit card to provide an extra layer of financial protection;
• Do not allow the merchant to save your payment information for future usage;
• When creating accounts for online merchants, make every password unique. Do not share or reuse them; and
• When receiving email-based ads for sales, do not click on the links. Navigate to the site directly in your browser.
Remember, if the sale price is too good to be true, it is probably a scam. This is especially true for sites that you have never used before.
– Morey Haber is CTO at BeyondTrust.