Online shoppers can expect fraudsters to be at the height of their creativity during the 2016 holiday season.
The payments industry has been bracing for a fraud spike during this year's e-commerce shopping season because digital channels were left untouched by the security provided by the introduction of EMV-chip cards at the point of sale. But with more fraudsters descending on the Web, the bad guys are trying out new techniques to give themselves a leg up on their rivals.
In the same way criminals set up fake apps to take advantage of those during the Pokemon Go craze, they will now concentrate on creating fake e-commerce sites with fake bargains, said Liron Damri, chief operating officer at fraud prevention technology provider Forter.
"It's not a man-in-the-middle attack, where the hacker gets between the victim and the bank or retailer," Damri said. "In this attack, the fraudster acts like a reseller."
To do that, criminals create look-alike websites, or those that appear to be legitimate stores. Everything on the site appears similar to what you would see on a regular retailer site, except the product prices are lower — as a bait for their traps.
"Fraudsters invest in search engine optimization to show up in relevant search terms, and they buy ads on Google or Facebook, and they leave links to their sites on forums, review sites and comments in articles," Damri added.
As a transaction registration takes hold, fraudsters are being given up-to-date payment data enabling them to "go to town with someone else's account," Damri said.
Fake mobile apps will be more common, possibly even in Apple's App Store, which has a reputation as a relatively safe space for consumers because of Apple's strict vetting process.
"The criminals capitalize on this sense of security, of course, which made it more likely that consumers wouldn't look too carefully at whether the app they were downloading was Overstock or 'Overstock Inc.,'" Damri said.
The tactic echoes older Web-based crimes wherein fraudsters would purchase domain names that were similar to legit companies (such as "paypa1.com" with the L replaced by the numeral 1) in the hopes that consumers would not catch on to the difference.
As a guide for merchants, Forter developed a "fraudster wish list" for the 2016 holiday shopping season, citing the stolen products scammers are most likely to sell at a low price or post on a totally fake site as a ruse to obtain payment card information. This list includes designer watches and handbags, Apple computers and Android phones, as well as digital goods and virtual gift cards.
Tel Aviv-based Forter secured $30 million in a funding round in April, eyeing the financial boost as a way to expand its services in the U.S.