News • 12.07.2019

5 tips for retailers to protect their online customers

Amazon Prime Days inspire cybercriminals to shop for victims


Amazon Prime Days is a summer rerun of Black Friday, Cyber Monday, and Christmas shopping: significant price reductions accompanied by an increase in threat actor activity on the deep and dark web. Looking back, the December 2018 holiday shopping season generated threat traffic 30 percent higher than usual. Based on monitored dark web chatter, CyberInt Research expects similar results leading up to Amazon Prime Days and the days following.

To protect against threat actors using their brands to lure customers, retailers can follow these instructions:

Monitor subdomains

  • Identify abandoned subdomains that may be claimed by threat actors and used for phishing, social engineering, and session hijacking.
  • Claim domains with high similarity to yours that may mislead clients and be used by threat actors – for example Wallmart or Targett.
  • Raise awareness among employees and customers regarding phishing attacks via email and websites.
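To find the look-alike names described above, a retailer can screen newly observed domain registrations against its own brand labels. The following is an added example, not part of the original article or any CyberInt tooling; the owned-domain list, the observed domains and the distance threshold are constructed assumptions.

```python
OWNED = {"walmart.com", "target.com"}   # domains the retailer controls (assumed)
BRANDS = ["walmart", "target"]          # brand labels from the article's examples
FOLD = str.maketrans("01", "ol")        # digit-for-letter swaps (partial list)

def edit_distance(a, b):
    """Edit distance counting an adjacent swap as one edit (OSA variant)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # transposed pair
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def screen(domains, max_distance=1):
    """Return {domain: (brand, reason)} for names that imitate a brand."""
    hits = {}
    for domain in domains:
        domain = domain.lower().rstrip(".")
        if domain in OWNED or "." not in domain:
            continue
        # Assumption: the brand label sits directly left of a one-label TLD.
        label = domain.split(".")[-2]
        folded = label.translate(FOLD).replace("-", "")
        for brand in BRANDS:
            if folded == brand:
                hits[domain] = (brand, "same name after folding")
            elif edit_distance(folded, brand) <= max_distance:
                hits[domain] = (brand, "typo")
            elif brand in folded:
                hits[domain] = (brand, "brand embedded")
    return hits

# Constructed sample of newly observed registrations
OBSERVED = ["wallmart.com", "targett.com", "wa1mart.com", "tagret.net",
            "walmart-deals.shop", "walmart.com", "market.com", "example.org"]

if __name__ == "__main__":
    for name, (brand, why) in screen(OBSERVED).items():
        print(name, brand, why)
```

Names under multi-label suffixes such as co.uk need a public suffix list to extract the right label before screening.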

Promote your own apps

Apps mimicking the look and functionality of your brand’s official mobile app can trick users into installing them and may carry out a variety of malicious actions.

  • Constantly seek out the fake apps and have them removed immediately.
  • Recommend that your clients only download apps from recognized mobile app stores, such as Apple App Store, Google Play, and Amazon Appstore.

Check logins

Due to the significant increase in shopping traffic, it’s easier for cybercriminals to disguise their actions. Account checkers and credential stuffing attacks, which predominantly exploit password reuse across sites and use compromised data from third parties to attempt to access your service, are expected to increase during the next week or so.

  • Limit the number of accounts that can be registered from one IP address in a certain period of time.
  • Consider IP monitoring and blacklists, and restrict automated processes by using geo-location and/or IP address block lists to limit access to valid IP address ranges.
  • Limit the number of login attempts per HTTP client.
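A per-client login limit can also separate a customer who mistyped a password from an account checker working through a credential list, because the latter fails against many different accounts from one client. The following is an added example, not part of the original article; the log format, thresholds and log lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 60      # sliding window per client IP (assumed value)
MAX_FAILURES = 5         # failed logins allowed inside the window (assumed)
MIN_DISTINCT_USERS = 4   # this many accounts from one client suggests stuffing

# Constructed log, oldest first: "timestamp client-ip username result"
SAMPLE_LOG = """\
2019-07-15T10:00:01Z 198.51.100.23 anna FAIL
2019-07-15T10:00:02Z 198.51.100.23 ben FAIL
2019-07-15T10:00:03Z 192.0.2.44 carol FAIL
2019-07-15T10:00:04Z 198.51.100.23 dana FAIL
2019-07-15T10:00:05Z 198.51.100.23 emil FAIL
2019-07-15T10:00:06Z 198.51.100.23 fay OK
2019-07-15T10:00:07Z 198.51.100.23 gus FAIL
2019-07-15T10:00:09Z 192.0.2.44 carol OK
2019-07-15T10:00:10Z 203.0.113.9 bob FAIL
2019-07-15T10:00:20Z 203.0.113.9 bob FAIL
2019-07-15T10:00:30Z 203.0.113.9 bob FAIL
2019-07-15T10:00:40Z 203.0.113.9 bob FAIL
2019-07-15T10:00:50Z 203.0.113.9 bob FAIL
""".splitlines()

def classify_clients(lines):
    """Return {ip: 'stuffing' | 'rate_limit'} for clients over the limit."""
    recent = defaultdict(deque)          # ip -> (time, user) of recent failures
    verdict = {}
    for line in lines:
        stamp, ip, user, result = line.split()
        if result != "FAIL":
            continue
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        window = recent[ip]
        window.append((when, user))
        # Drop failures that have aged out of the sliding window.
        while (when - window[0][0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            users = {u for _, u in window}
            if len(users) >= MIN_DISTINCT_USERS:
                verdict[ip] = "stuffing"       # many accounts, one client
            else:
                verdict.setdefault(ip, "rate_limit")  # one account hammered
    return verdict

if __name__ == "__main__":
    print(classify_clients(SAMPLE_LOG))
```

A client flagged as stuffing is a candidate for blocking and for reviewing any accounts it logged into successfully, while a rate-limited client usually only needs a delay or an additional authentication prompt.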

Examine fraudulent activities

Retailers regularly face fraudulent refunds and inventory manipulation.

  • Monitor your online assets to identify threats.
  • Automatically cancel orders involved in fraudulent activity.
  • Block accounts identified as the cause of these fraudulent activities.
  • Have a strict return policy in place.
  • Build and maintain a set of rules to identify fraudulent accounts and requests so you can block them before they are approved.

Educate your employees

Unfortunately, in many situations, employees are the weakest link and fall prey to social engineering attacks, like spear phishing. Employees with access to sensitive data need to be educated about the rising risks during peak shopping times.

  • Increase customer awareness about the risks of password reuse, phishing, and brand appropriation.
  • Install an AI solution that analyzes the behavior of normal customer connections to detect anomalous activities, with automated mitigation such as prompting the customer for an additional authentication.
  • Invest in threat intelligence monitoring to detect credential dumps from third-party compromises before they become actual threats. This gives you time to audit your own customers’ accounts for potential password reuse and to take proactive measures, for example, forcing password changes and/or advising customers of the potential breach and the dangers of password reuse.
  • Managed threat intelligence monitoring can take investigations further to expose the threat actors’ identities, uncovering exact methods and techniques to try to prevent future fraudulent activities.
Source: CyberInt
