Amazon Prime Days is a summer rerun of Black Friday, Cyber Monday, and Christmas shopping – significant price reductions together with a concurrent increase in threat actor activity on the deep and dark web. Looking back, the December 2018 holiday shopping season generated 30 percent more threat traffic than usual. Based on monitored Dark Web chatter, CyberInt Research expects similar results leading up to Amazon Prime Days and the days following.
To protect against threat actors using their brands to lure customers, retailers can follow these instructions:
Monitor subdomains
- Identify abandoned subdomains that may be claimed by threat actors and used for phishing, social engineering, and session hijacking.
- Claim domains with high similarity to yours that may mislead clients and be used by threat actors – for example Wallmart or Targett.
- Raise awareness among employees and customers regarding phishing attacks via email and websites.
Promote your own apps
Apps mimicking the look and functionality of your brand’s official mobile app can trick users into installing them and may carry out a variety of malicious actions.
- Constantly seek out the fake apps and have them removed immediately.
- Recommend that your clients only download apps from recognized mobile app stores, such as Apple App Store, Google Play, and Amazon Appstore.
Check logins
Due to the significant increase in shopping traffic, it’s easier for cybercriminals to disguise their actions. Account checkers and credential stuffing attacks, which predominantly exploit password reuse across sites and use compromised data from third parties to attempt to access your service, are expected to increase during the next week or so.
- Limit the number of accounts that can be registered from one IP address in a certain period of time.
- Consider IP monitoring and blacklists, and restrict automated processes by using geo-location and/or IP address block lists so that access is limited to valid IP address ranges.
- Limit the number of login attempts per HTTP client.
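One way to apply the per-client login limit above, shown as an added example rather than code from CyberInt: a sliding-window throttle that blocks a client when it makes too many attempts or tries too many distinct usernames, the pattern account checkers produce. The class and function names, the thresholds, the use of the source IP as the client key, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample login events: (epoch seconds, client key, username).
SAMPLE_EVENTS = [
    (1000, "198.51.100.4", "alice"),   # ordinary customer, one retry later
    (1001, "203.0.113.7", "bob"),      # one client cycling through accounts
    (1002, "203.0.113.7", "carol"),
    (1003, "203.0.113.7", "dave"),
    (1004, "198.51.100.4", "alice"),
    (1005, "203.0.113.7", "erin"),     # 4th distinct username inside the window
] + [(1100 + i, "192.0.2.9", "frank") for i in range(6)]  # hammering one account


class LoginThrottle:
    """Sliding-window limits per client: total attempts and distinct usernames."""

    def __init__(self, window=60, max_attempts=5, max_usernames=3):
        self.window = window                # seconds (assumed threshold)
        self.max_attempts = max_attempts    # assumed threshold
        self.max_usernames = max_usernames  # assumed threshold
        self._recent = defaultdict(deque)   # client key -> deque of (ts, username)

    def check(self, ts, client, username):
        """Record one attempt; return 'allow', 'block:usernames' or 'block:attempts'."""
        recent = self._recent[client]
        while recent and recent[0][0] <= ts - self.window:  # drop expired attempts
            recent.popleft()
        recent.append((ts, username))  # blocked attempts still count toward the window
        if len({name for _, name in recent}) > self.max_usernames:
            return "block:usernames"   # many accounts tried from one client
        if len(recent) > self.max_attempts:
            return "block:attempts"    # too many tries overall
        return "allow"


def replay(events, throttle=None):
    """Feed events in time order; return {client: first blocking verdict}."""
    throttle = throttle or LoginThrottle()
    blocked = {}
    for ts, client, username in events:
        verdict = throttle.check(ts, client, username)
        if verdict != "allow":
            blocked.setdefault(client, verdict)
    return blocked


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The same window logic can enforce the registration limit by counting new accounts per IP instead of login attempts.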
Examine fraudulent activities
Retailers regularly face fraudulent refunds and inventory manipulation.
- Monitor your online assets to identify threats.
- Automatically cancel orders involved in fraudulent activity.
- Block accounts identified as the cause of these fraudulent activities.
- Have a strict return policy in place.
- Build and maintain a set of rules to identify fraudulent accounts and requests so you can block them before they are approved.
Educate your employees
Unfortunately, in many situations, employees are the weakest link and fall prey to social engineering attacks, like spear phishing. Employees with access to sensitive data need to be educated about the rising risks during peak shopping times.
- Increase customer awareness about the risks of password reuse, phishing, and brand appropriation.
- Install an AI solution that analyzes the behavior of normal customer connections to detect anomalous activities, with automated mitigation such as prompting the customer for additional authentication.
- Invest in threat intelligence monitoring to detect credential dumps from third-party compromises before they become actual threats. This gives you time to audit your own customers’ accounts for potential password reuse and to take proactive measures, for example, forcing password changes and/or advising customers of the potential breach and the dangers of password reuse.
- Managed threat intelligence monitoring can take investigations further to expose the threat actors’ identities, uncovering exact methods and techniques to try to prevent future fraudulent activities.