08 Dec 2021 • 10 min read
08 Dec 2021 • 10 min read
Scammers need a good story to get to your wallet, while Christmas is good timing for telling a story. According to the state of security within eCommerce 2021 of Imperva, bots carried out more than half (57%) of all attacks documented on retail websites in 2021, a significant difference when compared to all industries (33%).
Image from Imperva
Bot attacks are an ever-present and significant threat to all online retail websites. It comes in many different attack scenarios, especially during the shopping season, including account takeover, web scraping by competitors, gift card abuse by scalpers, credit card fraud, and more. The global epidemic of COVID-19 over the past two years, it has created the dream timing and setting for bot attacks, with more people relying more and more on working and living online, and more money bound up in personal accounts online than ever before.
Image from Unsplash
Between September and October 2020, Imperva Research Labs observed a 788% rise in malicious bot traffic to retail websites worldwide. Malicious bots like scalping will be a disruptive factor again during the holiday shopping season as more people rely on online shopping and demand for limited edition products always stays strong.
More shopping online means more package deliveries for consumers during the shopping season.
Generally, you will receive an email from an online store after your order to let you know when the package has shipped.
But sometimes you receive an email from a retailer claiming there has been a problem with your package or something about needing to download an attachment and confirm your address with real company logos and e-mail addresses that look authentic, leading you to a link. You're likely to click and check on it while you don't realize it's a fake email, which is why scammers go to great lengths to make their phony delivery notices look legitimate.
When reading the email, double-check to see if the email actually contains your name and order number before you click on any links. Meanwhile, you could hover your mouse over a link without clicking to see where that link will take you. If the destination isn't what the link claims, do not click on it.
Image from Unsplash
Do not open an e-Card from an unknown party asking you to click on a link that might carry malicious bots that may lead to data breaches and economic loss. Your computer or mobile may then start displaying constantly flashing ad images, barrage you with pop-up ads, launch adult websites, or start sending bogus eCards to those in your address book that appear to send from you.
In addition, during Christmas, parents should be careful of a fake letter with cash rewards or an attractive gift from Santa to a child. As the saying goes: If something seems too good to be true, it probably is. Some offers may seem legitimate, but many scammers use this as a ruse to bot your sensitive personal information and bank account information.
Gift card survey scams are when you receive an email or a text message inviting you to complete a customer satisfaction survey which only takes you a few minutes or simple steps, then you will get a gift card.
After you complete the survey, the site says you are now entitled to your prize. However, it always indicates that the $100 gift card is 'out of stock,' so you are instructed to choose one of several dubious products listed.
In another version of a gift card scam, the 'customer survey' asks for private personal information, like your address and bank account number. What is certain is that the purpose of the scammers is identity theft.
There is another very old scam that people are still falling for. During the Christmas season, you may receive emails from other businesses that look like you visit regularly, and if you click on the email in the email, you may find that the site you go to looks like the site you visit regularly. However, it doesn't. These sites are made by scammers to entice people to download malware, make dead-end purchases, and share private information.
For individuals, make sure you:
As Retail Business Owners, more and more retailers trust CAPTCHA. There are a lot of leading retailers protecting their online stores with GeeTest CAPTCHA v4-Adaptive Verification, like SHEIN, eBay, Xiaomi, etc. In terms of security, GeeTest CAPTCHA v4 adapts to various bot attacks through dynamic and active security strategies in real time. Compared with the previous generations, CAPTCHA v4 increases the absolute attack cost of attackers by 3.714 times.es the absolute attack cost of attackers by 3.714 times.
Subscribe to our newsletter