Social Media Platforms Trigger 297% Increase In Phishing Attacks
Cyber criminals are now using new technologies and new selling platforms, like social media, to exploit online retailers and steal customer data.
According to the report, by Riskified and Intsights, there had been a 297% increase in phishing attacks that successfully stole data from innocent consumers.
The report looked at hundreds of thousands of illegal online purchases between the months of July and September in 2017. They found that cyber criminals were lured in by the abundance of new small to medium sellers with less than adequate cyber security.
The fraudsters would steal the data through impersonating the sellers. They would steal the credit card details from the buyers and use these details to make actual purchases of their own using the legitimate sellers.
As the buyer was intending to make a purchase, they did not miss the money until the product failed to arrive. In the meantime, the unsuspecting retailer fulfilled the order, sending the product to the fraudster.
In the retail world, the buyer now has a lot more protection here. Usually, the banking organisation will reverse the transaction with the buyer receiving their stolen money back. However, the retailer, usually small and independent, is left footing the bill as they do not have the money and have lost the product.
Fraud scams on this level can be extremely difficult to combat as cyber criminals can have an IP address from one country, use the stolen details to pay with a credit card from a separate country and request shipping and delivery almost anywhere in the world.
Itay Kozuch, Director of Threat Research of IntSights, said: “It is the most common way to obtain stolen credit-card numbers. Instagram has become one of the leading vehicles for fraudsters to execute phishing attacks, as it is still a relatively new and uncharted channel for merchants and therefore is an easy way to capitalize.”
Eido Gal, CEO of Riskified, said: “As eCommerce continues its explosive growth, fraud has followed suit, making it very difficult for merchants to distinguish good customers from bad actors.”
Kevin Mitnick, Founder of Mitnick Security Consulting, said: “Scammers can register a domain for pretty cheap that looks like some everyday retailers you might be familiar with,”
“Today, if they wanted to look like J.C. Penney, they could purchase JCPenny.US.com for just $21.”
“The first step to avoid phishing attempts is to be aware that these online attacks exist. Be extra cautious when you see a link. Have an extra healthy dose of paranoia. Stop, look and think before you click that link.”
As law firms, like the retail sector, look to utilise social media and technology more and more, they must remain vigilant to the fact that sophisticated information gathering processes through phishing attacks could pose a very real threat to the success of their business.
Have you experienced phishing threats? Are you able to identify phishing attempts on your business? Have you been a victim of cyber fraud?