Every holiday season, like clockwork, cyber-attacks increase. Consumers fall victim to identity theft and companies are at risk of losing confidential customer information. Sadly, this trend is doing nothing but accelerating.
Particularly in a year where more online shopping is happening than ever and a pandemic is worsening just in time for the holiday shopping season (forcing more consumption to be done online), the risk is greater than ever.
To mitigate risk, it is important to first understand it. To that end, below are two common cyber threats that could victimize retailers this holiday season.
Common Attack Types
With hundreds of millions of shopping website visits occurring daily during Thanksgiving weekend and the following month, online retailers need to take special precautions to secure their systems and the information of customers. Start by assessing your security risk today.
A partnership with an experienced cybersecurity provider like Liss Technologies starts with an assessment of your current security profile. What vulnerabilities currently exist? How can they be patched? How will security improvements impact your processes, if at all? We will answer all of these questions then configure your technology from the ground up with an emphasis on security without sacrificing flexibility or usability.
Web-Skimming
The objective of a web-skimming attack is to obtain confidential customer information. Usually payment information by breaking directly into the back end of a website. By utilizing the site’s own code—often obtained through other attack vectors—or through custom code and third-party javascript, a hacker can retrieve and siphon credit card numbers, login information, or personal identification to their own systems.
Though this type of attack could be effective at any time throughout the year, maximum benefit can be achieved by launching an attack during the holiday season. Why? It’s simple: more customers and users equals more information to steal.
Because it’s only a matter of time before malicious code is detected, cybercriminals will wait to inject code during a time that yields more profit. During the holidays is that time, with more people buying items online and thus sharing more sensitive information. These attacks are generally detected soon after they are launched—provided you have the correct security tools and partners in place—but vast amounts of data can be stolen before the attack has finished.
Bot Attacks
A bot is exactly what it sounds like and generally takes the form of simple programs or AI that navigate a website in a variety of ways that cause havoc, especially for retailers. Well-designed attacks use bots that are programmed to mimic human behavior—simulating scroll speed and common browsing habits—which enables them to avoid detection.
These attacks can serve a variety of functions, including acquiring consumer data, blocking access to certain pages, and preventing the sale of inventory. For example, a bot could hold inventory in shopping carts, preventing their sale, frustrating a retailer’s efforts to make it into the financial black—where Black Friday gets its name.
