PayThink

Holiday phishing is a lump of coal for merchants


Phishing attacks heat up right before the holidays as cybercriminals count on consumers being in a hurry when reaching for a coupon or trying to find a limited product online.

Spam emails with promises of big savings, free TVs and iPads or the hottest, most hard-to-get toys leave consumers with sugarplums dancing in their heads, so much so that it is easy to immediately click on a bad link and inadvertently download malware that steals credentials, passwords and credit card information. Like the Grinch who stole Christmas, some shoppers don’t even see it coming.

Phishing spam, in the form of professional-looking emails, was the most common method for cybercriminals to spread their ill will through malware in 2018, according to a report from F-Secure. The report reveals that spam accounts for nine out of every ten infection attempts and that about 69 percent of spam campaigns tried to trick users into visiting malicious websites.

These attacks are one of the strategies cybercriminals use to snag consumer credit card or account information. They use this information to take over accounts, open new lines of credit or use the credit cards to steal goods and services online. So, it is also Christmas for cybercriminals.

To stay safe online, shoppers are advised to stick to known brands and retailers, making sure they are on the right website by checking the URL, looking for the security padlock and confirming that they are not forwarded to an anomalous URL for the payment.

At the same time, it is good practice, not just during Christmas but throughout the year, to encourage consumers to check accounts and credit card statements regularly, including rewards points, which are often a target for cybercriminals who can sneak away with them without being noticed for quite some time. Shoppers should keep an eye out for any anomaly in a retailer’s logo, a typo or other subtle change. Finally, make sure passwords are complicated and never used for more than one account.

While consumers should stay vigilant regarding the links they are clicking on, many online retailers are also protecting users from the most prevalent forms of fraud by implementing a multilayered approach that distinguishes real customers from fraudsters using stolen information.

With passive biometrics and behavioral analytics layers, merchants worldwide are determining if the legitimate user is accessing and transacting on the account or if it is a cybercriminal at work. Identifying customers by their online behavior — how they hold a device, how hard they type or how fast they read through web pages — can authenticate the real customer while blocking impostors or automated attacks that cycle credentials until they break through.

This multilayered security approach using passive biometrics and behavioral analytics can distinguish machines from humans, then separate good machines from bad, select known humans from unknown humans, and finally sort unknown humans demonstrating low-risk signals from unknown humans demonstrating high-risk signals.

This process lets organizations fast-track the known and low-risk users for an optimal experience, saving the friction and additional authentication methods for the highest-risk users. These layers validate the user through information that hackers can’t replicate, securing the good user’s transaction at every step. It opens the digital doors to a safe wonderland for shoppers and keeps the retailer's brand reputation intact.
