The holiday shopping season is just about here, and with that comes an inundation of digital advertisements and marketing from brands of all sizes. But for every legitimate ad out there, a hacker is trying to use a well-known business's name and logo to pull in consumers and steal their credit card information.
While consumers, of course, suffer from these scams, they aren't the only ones: The stores and business themselves also take a hit from e-commerce fraud.
"When hackers impersonate a trusted brand, consumers say, 'Shame on the retailer,'" said Dylan Sachs, director of incident response at brand management and technology firm BrandProtect. "A cyberattack diminishes the brand's value for the consumer."
"The folks who are preying on Cyber Monday shoppers have done their homework and know who they can target," added Greg Mancusi-Ungaro, BrandProtect's chief marketing officer.
Ultimately, it is up to businesses to protect their operations — and therefore, their customers — against fraudulent activity, especially during the busy shopping season.
"The number one key to reducing fraud is to not let them be profitable," said John Canfield, VP of risk at online payment solutions provider WePay. "It is not possible to 100 percent stop fraudsters in every step [of the process], but as long as you can stop them at some point in the chain and stop them from profiting, you will discourage fraudsters and they will move elsewhere."
Our expert sources offered the following tips to help businesses avoid falling victim to e-commerce fraud this holiday season:
Continually monitor social media. Though hackers can strike in many places, these cybercriminals often target social media. Therefore, guarding your brand's social media accounts is one of the first lines of defense against fraud. If your business is tweeting about Black Friday or Cyber Monday sales, or retweeting other brands, be sure that any URLs point to legitimate, trusted websites.
"Right now, account takeover is a major threat," said Canfield. "Social engineering is getting more targeted and more sophisticated, often using social media platforms as a way to initiate contact prior to phishing attacks."
Stay on top of current events. Sachs noted that spam tactics change significantly during the holiday season, with hackers capitalizing on time-sensitive current events and charity-related scams. While most spam filters will catch obvious phrases like "Act now!" and "Great offer!" from unknown senders, consumers and businesses alike should be on high alert for more sophisticated malicious emails claiming to be from respected brands.
Watch your employees. An unsuspecting employee doing holiday shopping at work or opening infected email attachments is one of the leading causes of malware attacks. Vigilant employee monitoring, and education on what to watch out for, could prevent the serious data breaches that allow cybercriminals into your system, said Mancusi-Ungaro.
While there aren't necessarily e-commerce fraud trends that make it easier to know when fraud is most likely to hit, having good internal tracking of fraud losses is important, said Canfield. He added that this can be tricky because there can be a time gap — weeks, or even months — between when fraud occurs and when you receive the loss.
It is difficult to recover funds that are already lost, said Canfield. If fraudsters do get through your defenses, your priority is to rapidly adapt and improve your defenses, he said. "The best defense is prevention."
Additional reporting by Nicole Taylor. Some source interviews were conducted for a previous version of this article.