News • 12.07.2019

5 tips for retailers to protect their online customers

Amazon Prime Days inspire cybercriminals to shop for victims

Fingers typing on a keyboard, picture colored in dark red; copyright:...
Source: panthermedia.net/Stevanovicigor

Amazon Prime Days is a summer rerun of Black Friday, Cyber Monday, and Christmas shopping – significant price reductions together with a concurrent increase of threat actor activity in the deep and dark web. Looking back, the December 2018 holiday shopping season generated 30 percent higher than usual threat traffic. Based on monitored Dark Web chatter, CyberInt Research expects similar results leading up to Amazon Prime Days and the days following.

To protect against threat actors using their brands to lure customers, retailers can follow these instructions:

Monitor subdomains

  • Identify abandoned subdomains that may be claimed by threat actors and used for phishing, social engineering, and session hijacking.
  • Claim domains with high similarity to yours that may mislead clients and be used by threat actors – for example Wallmart or Targett.
  • Raise awareness among employees and customers regarding phishing attacks via email and websites

Promote your own apps

Apps mimicking the look and functionality of your brand’s official mobile app can trick users to install it and may cause a variety of malicious actions.

  • Constantly seek out the fake apps and have them removed immediately.
  • Recommend that your clients only download apps from recognized mobile app stores, such as Apple App Store, Google Play, and Amazon Appstore.

Check logins

Due to the significant increase in shopping traffic, it’s easier for cybercriminals to disguise their actions. Account checkers and credential stuffing attacks, which predominantly exploit password reuse across sites and use compromised data from third parties to attempt to access your service, are expected to increase during the next week or so.

  • Limit the number of accounts that can be registered from one IP address in a certain period of time.
  • Consider IP monitoring, blacklists, and restrict automated processes by using geo-location and/or IP address block lists to restrict access to only valid IP address ranges.
  • Limit the number of login attempts per HTTP client.

Examine fraudulent activities

Retailers regularly face fraudulent refunds and inventory manipulation.

  • Monitor your online assets to identify threats.
  • Automatically cancel orders involved in fraudulent activity.
  • Block accounts identified as the cause of these fraudulent activities.
  • Have a strict return policy in place.
  • Build and maintain a set of rules to identify fraudulent accounts and requests so you can block them before they are approved.

Educate your employees

Unfortunately, in many situations, employees are the weakest link and fall prey to social engineering attacks, like spear phishing. Employees with access to sensitive data need to be educated about the rising risks during peak shopping times.

  • Increase customer awareness about the risks of password reuse, phishing, and brand appropriation.
  • Install an AI solution to analyze behavior of normal customer connections to detect anomalous activities, with automated mitigation such as prompting the customer for an additional authentication.
  • Invest in threat intelligence monitoring to detect credential dumps from third-party compromises before they become actual threats, giving them time to audit their own customers’ accounts for potential password reuse and allow for proactive measures to be taken, for example, forcing password changes and/or advising customers of the potential breach and dangers of password reuse.
  • Managed threat intelligence monitoring can take investigations further to expose the threat actors’ identities, uncovering exact methods and techniques to try to prevent future fraudulent activities.
Source: CyberInt

related articles:

popular articles:

Thumbnail-Photo: CCVStore – Home of your Apps
01.01.2020   #mobile payment #app

CCVStore – Home of your Apps

How Android is revolutionising the way we pay for things

Using a smartphone to pay will sooner or later be a part of everyday life; smartphones are already firmly anchored in the private and working lives of generations X, Y and Z.As consumers rely more and more on smartphones and their countless uses in ...

Thumbnail-Photo: Compact for security
17.01.2020   #security #shopfitting

Compact for security

A new security antenna system specifically designed for convenience stores

Retail security systems to prevent theft are a big concern for retailers. Large supermarkets and clothing stores install EAS antennas at the entrance and/or exit areas. Installing this type of feature proves more challenging for stores with a ...

Thumbnail-Photo: Effective and Independent
12.02.2020   #epos systems #cashpoints

Effective and Independent

Present and future of self-checkout

Better use of personnel, lowering overhead costs while still providing customers with a smooth and seamless shopping experience – that’s what every retailer strives to accomplish. For Thomas Dibbern, CEO of ALMEX GmbH, there is an ...

Thumbnail-Photo: Epta on the podium of the German Design Awards 2020...
10.12.2019   #design #refrigeration cabinets

Epta on the podium of the German Design Awards 2020

Excellent prodcut design with OutFit and Mozaïk, combining functionality and aesthetics

Epta wins the prestigious German Design Award for the second time, the award given to projects that merge functionality and utility, aesthetics and quality. The OutFit family under the Costan brand and Mozaïk under the Bonnet Névé ...

Thumbnail-Photo: The cash register capable of everything
18.02.2020   #epos systems #customer satisfaction

The cash register capable of everything

Flexible use from manned checkout to self-checkout point

Customers walking through the store with their own cash register on hand? This versatility of shop technology and shop fittings corresponds to the change in brick and mortar retail. MAGO wants to help retailers to meet this challenge with ...

Thumbnail-Photo: Light up the future with Posiflex at EuroShop 2020...
11.02.2020   #kiosk terminals #Trade fair special EuroShop 2020

Light up the future with Posiflex at EuroShop 2020

Serviced IoT solutions: personalized, flexible and connected

The Posiflex Group, a synergy of world-leading POS, kiosk, and industrial computing technologies — will bring its Serviced IoT solutions to EuroShop 2020, the leading Europe trade fair for the retail industry, from February 16th – 20th ...

Thumbnail-Photo: ARNEG GROUP: from Sharing Avenue to Melting Pot...
09.12.2019   #refrigeration cabinets #Trade fair special EuroShop 2020

ARNEG GROUP: from Sharing Avenue to Melting Pot

The sharing road leads a long way

At the 20th edition of Euroshop, the Arneg Group is expressing its cosmopolitan soul on a kaleidoscopic stand that embodies the concept of sharing, interpreted as a virtuous fusion of competence, experience and vision capable of generating change ...

Thumbnail-Photo: Self-service for faster checkout
01.01.2020   #epos systems #brick and mortar retail

Self-service for faster checkout

“Moments that Inspire”: Toshiba shows at EuroShop stationary as well as mobile solutions

In the future, there will be the Frictionless Store – no scanning, no hassle for the consumers. But consumers do not want to wait until this can become reality everywhere. The payment process should already be fast and convenient today.At ...

Thumbnail-Photo: Cutting through the tax jungle
25.02.2020   #online trading #e-commerce

Cutting through the tax jungle

Startup helps online retailers to be fully compliant with European VAT regulations

Anyone who sells goods online is obliged to pay value-added tax (VAT). The amount depends on the respective national regulations. But what happens if you have cross-border exports and transactions? How much VAT do sellers have to pay in this case ...

Thumbnail-Photo: Wireless with SVN-Flex from SALTO
20.01.2020   #security #security management

Wireless with SVN-Flex from SALTO

SALTO has launched SVN-Flex, a new technology that enables virtual networked access control solutions

In the solutions wireless electronic escutcheons and cylinders act as wire-free updaters. This leads to greater efficiency, security and convenience.The innovation of the SVN-Flex is that users no longer necessarily need hard-wired wall readers to ...

Supplier

ARNEG S.p.A.
ARNEG S.p.A.
Via Venezia, 58
35010 Marsango di Campo San Martino/PD
Axis Communications GmbH
Axis Communications GmbH
Adalperostraße 86
85737 Ismaning
APG Cash Drawer (Germany)
APG Cash Drawer (Germany)
Leichtmetallstr. 22a
42781 Haan-Gruiten
Frost-Trol s.a.
Frost-Trol s.a.
Ctra. Valencia-Barcelona, km. 68,9
12080 Castellon
Allgeier Enterprise Services
Allgeier Enterprise Services
Westerbachstr. 32
61476 Kronberg im Taunus
GLORY Global Solutions (Germany) GmbH
GLORY Global Solutions (Germany) GmbH
Thomas-Edison-Platz 1
63263 Neu-Isenburg
HappyOrNot
HappyOrNot
Innere Kanalstraße 15
50823 Köln
Checkpoint Systems GmbH
Checkpoint Systems GmbH
Ersheimer Str. 69
69434 Hirschhorn a. Neckar
StrongPoint
StrongPoint
Isafjordsgatan 5
164 40 Kista