When it comes to cybercrime, online fraud attacks have their seasonal trends, and can almost be expected to rise and fall every year. There is tax season phishing and fraud, the summertime's drop in activity, and most of all – holiday season ecommerce and malware attacks.
Cybercriminals take the holiday season seriously and prepare well in advance for their online shopping sprees, banking on Black Friday, Cyber Monday, and every other part of the shopping season. The reasons are easy to understand: criminals will try to get lost in the shuffle, taking advantage of the barrage of online transactions that come during the most wonderful time of the year.
In 2015, the holiday season was named the biggest cybercrime Christmas ever, with online retailers in Europe stopping more than 45 million attempted online attacks over the period of a mere three months.
This year, analysts forecast a 10% rise in overall shopping spend, most of which is expected to take place online – in digital and mobile sales, where a 25% rise is predicted. In numbers, digital sales are expected to hit $94.71 billion this Christmas period, according to research firm eMarketer.
Digital shopping is great for consumers and retailers alike, but as expected sales rise, so do the losses attributed to fraudulent purchases. ACFE research indicates that fraud takes an estimated 20 percent uptick during the holiday season.
In 2015, retailer losses in the U.S. reportedly reached $2.2 billion in holiday return fraud alone. That's without counting untold numbers of phished credentials, banking Trojan attacks, and account takeover fraud cases that can carry out well into the year ahead. Retailers surveyed said that about 3.5% of holiday returns are fraudulent – bounce that number off the expected $95 billion in sales this year, and we are looking at a forecasted minimum of $3.3 billion in losses for 2016. That's a whopping 50% increase year over year.
But how can the legitimate deluge of online sales be accommodated and the illicit one be stopped? In the U.S., retailers hire around 740,000 part-time workers for the warehouse and fulfillment centers, as well as e-commerce support. While this is a great news for consumers who will get their orders on time, retailers should also focus on hiring more fraud specialists during the season if they want to minimize cybercrime losses. And to avoid recruiting serial fraudsters, start ahead and don't cut corners – background checks and training for ethical conduct should be in place even for entry level employees. Better yet, hire certified staff.
The larger retailers already have that sense of urgency, and are indeed posting job ads to recruit fraud screening specialists and fraud prevention reps. The small to medium retailers, those who are considered the lower hanging fruit for cybercriminals, are likely not doing the same.
If your organization is a smaller one, don't be tempted to relax fraud procedures in order to accept more orders this season. Lowering stringent fraud controls can sometimes result in employees succumbing to holiday spending stress, and fraudsters realizing your business is easier to defraud.
The holidays are known to be a time for cybercriminals to exploit the poor security habits of unaware shoppers, but they are even more of a time for them to exploit unprepared merchants.
Count on cybercriminals to come prepared this year with tricks and wares on all levels of sophistication. From the shallow to the advanced phishing attacks, threatening new banking Trojans, and mobile malware apps designed to facilitate card and online banking fraud.
The underground is replete with Christmas-themed cybercrime offerings every year, and 2016 will be no different. How is your organization preparing?
