ThreatList: Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats

  • Lindsey O'Donnell--threatpost.com
  • published date: 2020-11-27 09:00:00 UTC

Online shoppers are blissfully unaware of credit card skimming threats and malicious shopping apps as they head into this year’s Black Friday and Cyber Monday holiday shopping events.

<div class="c-article__content js-reading-content"> <p>Despite being concerned about the security risks behind online shopping, consumers lack knowledge about some of the biggest retail risks – with more than half unaware of digital credit-card skimming threats posed by the Magecart group.</p> <p>In a new report this week, RiskIQ found that a full 64 percent of respondents are not aware of Magecart threats.</p> <p>Despite this statistic, shoppers are concerned overall about security as they turn to online shopping during this holiday season. According to the research, 85 percent are at least mildly concerned about their personal information being compromised when shopping through a website or browser; while 88 percent of shoppers are at least mildly concerned about the safety of mobile apps for retail purposes.</p> <p>“RiskIQ has found that the average length of a Magecart breach is 22 days,” said RiskIQ researchers in <a href="https://www.riskiq.com/blog/external-threat-management/consumer-shopping-report/" target="_blank" rel="noopener noreferrer">the report this week</a>, entitled Consumer Holiday Shopping Sentiment and Outlook 2020.
“If you are to purchase on a compromised site during such a period of the breach, you will likely become a victim of credit-card theft.”</p> <h2><strong>Magecart: Lack of Awareness</strong></h2> <p><a href="https://threatpost.com/macys-data-breach-linked-to-magecart/150393/" target="_blank" rel="noopener noreferrer">Magecart</a> is an umbrella term encompassing several different threat groups who all use the same modus operandi: They compromise websites (mainly built on the Magento e-commerce platform) in order to inject card-skimming scripts on checkout pages, stealing unsuspecting customers’ payment-card details and other information entered into the fields on the page.</p> <p>Researchers recently reported that they have seen <a href="https://threatpost.com/8-city-gov-websites-magecart/156954/" target="_blank" rel="noopener noreferrer">an uptick in the number of e-commerce sites</a> that are being attacked by Magecart and related groups, dovetailing with new tactics. Earlier in September, Magecart was seen <a href="https://threatpost.com/magecart-credit-card-skimmer-telegram-c2-channel/158851/" target="_blank" rel="noopener noreferrer">using the secure messaging service Telegram</a> as a data-exfiltration mechanism.</p> <div id="attachment_161564" style="width: 757px" class="wp-caption alignnone"><a href="https://media.threatpost.com/wp-content/uploads/sites/103/2020/11/24140538/retail-shopping-threats.png"><img aria-describedby="caption-attachment-161564" loading="lazy" class=" wp-image-161564" src="https://media.threatpost.com/wp-content/uploads/sites/103/2020/11/24140538/retail-shopping-threats.png" alt="Black Friday retail cybersecurity" width="747" height="341"></a><p id="caption-attachment-161564" class="wp-caption-text">Credit: RiskIQ</p></div> <p>“The data also indicates a general lack of knowledge of the prevalence of online card-skimming by Magecart actors,” said researchers.
“The best way to avoid being victimized by Magecart is to avoid entering any payment information into any website. Instead, use third-party payment platforms like Amazon Pay and PayPal that have your credit-card details already saved.”</p> <p>In addition to avoiding manually entering their payment details online, shoppers should also be alert to deceptive domains, said researchers.</p> <p>“Hackers will engage in domain infringement, including but not limited to deceptively-spelled look-alikes or using a ‘.org’ when the real site uses ‘.com’ to con you into providing your sensitive information,” they said. “They may use this tactic in combination with other hacker go-tos like spear-phishing email campaigns.”</p> <h2><strong>Shopping Apps</strong></h2> <p>Researchers also reported that 72 percent of respondents said they would download a shopping-related app if it offered a steep discount. In addition, 58 percent of consumers said they do not check who the developer is before downloading an app.</p> <p>“This leaves an easy way for hackers to siphon your data, as all they have to do is offer a discount to lure a customer in,” said researchers.</p> <p>They warned that consumers should always avoid downloading apps with ambiguous origins – such as ones not from official app stores like Google Play or the Apple App Store.</p> <p>Also, consumers should “ensure that an app developer or website has a strong reputation before downloading or visiting a domain—your data could be at stake,” said researchers.</p> <h2><strong>Shopping Threats</strong></h2> <p>Overall, experts anticipate holiday shopping during the 2020 Black Friday and Cyber Monday season to be largely carried out online, particularly with the COVID-19 pandemic this year keeping many in their homes.
In fact, health concerns related to the pandemic, and convenience, were respondents’ two primary reasons for online shopping in the report.</p> <p>According to RiskIQ’s report, more than half (58 percent) of respondents plan to do 75 percent or more of their holiday shopping online this year. Of those who plan to shop online, 70 percent plan to primarily use a mobile phone.</p> <p>Various researchers and security agencies are warning consumers to beware of scams, phishing attacks and other cybersecurity threats ahead of shopping bonanzas like Black Friday and Cyber Monday, with the Cybersecurity and Infrastructure Security Agency (CISA) cautioning shoppers <a href="https://us-cert.cisa.gov/ncas/current-activity/2020/11/24/online-holiday-shopping-scams" target="_blank" rel="noopener noreferrer">in an advisory this week</a>.</p> <p>“With more commerce occurring online this year, and with the holiday season upon us, CISA reminds shoppers to remain vigilant,” according to the Tuesday alert. “Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.”</p> </div>