Security experts urge caution when shopping online during DSS 2021

(MENAFN- Khaleej Times)

Retailers and customers need to stay alert when they are shopping online during busy holiday periods and festivals such as the ongoing Dubai Summer Surprises (DSS 2021), security experts warned.

Busy holiday periods that are characterised by a large number of deals and sales are active grounds for cybercriminals, experts explained. Tactics most commonly used by cybercriminals during this period include impersonating popular brands to dupe shoppers.

“With the UAE in the middle of its annual peak shopping season - the Dubai Summer Surprises - online retailers and their customers need to remain on high alert for cyberattacks,” said Werno Gevers, cybersecurity specialist at Mimecast.

Based on Mimecast’s threat monitoring, global brand impersonation e-mails directed at Mimecast customers rose by 44 per cent in 2020 to reach an average of nearly 27 million e-mails per month. Since this only accounts for Mimecast customers, the actual scale of the problem is likely far worse, Gevers pointed out.

“The more popular the brand, the more likely it will be co-opted into cybercriminals' nefarious plans,” he explained.“Companies on the Brandz Top 100 Most Valuable Global Brands 2020 index experienced a massive 381 per cent increase in brand impersonation attacks during the two months of May and June 2020 compared to January-February, before the pandemic struck. During the same period, the number of new domains suspected of brand impersonation spiked by 366 per cent.”

The result? Customers are increasingly being duped, with monthly clicks on dangerous links by unsuspecting shoppers soaring by 84.5 per cent over the course of the year.

Emad Haffar, head of Technical Experts, META region, Kaspersky, explained that, recently, the world has witnessed a spike in coronavirus cases, hence making people more reluctant to hit brick and mortar retailers for their shopping needs. However, with a busy shopping period, and attractive offers boosted by DSS, customers are enticed to shop.

“It is no surprise that fraudsters will be watching armed with their maleficent cyber-tactics to take advantage,” Haffar said.“The ways to outsmart them are fairly simple, shoppers need to take simple precautions to protect themselves, like not clicking on links included in e-mails, use different passwords for different sites, carefully check the e-mail and website address, not give away personal information especially when it feels unnecessary, and, of course, protect their devices with a proper security solution that could detect and block the vast majority of such scams.”

Cybercriminals are always paying close attention to trending topics and can create phishing websites specific to individual areas of interest, he added.“Cybercriminals can lure individuals into a false sense of security by having them believe they have bagged a great deal. To avoid this, Kaspersky would advise that shoppers are vigilant and do not expose themselves to attacks by accessing unsecured, public Wi-Fi, logging onto a fake website, or clicking a link in an e-mail promising exclusive deals.”

Phishing attacks are becoming one of the most successful online attacks, and, in March of this year, Kaspersky uncovered cybercriminals targeting online shoppers looking for deals on Mothers’ Day gifts. A common phishing method prompts users to choose between a selection of anonymous gift boxes, and stand the chance to win a prize, such as a gift card, simply by participating in a short survey. Since users are most likely looking for a gift online anyway, an attempt to win a gift card seems like a harmless diversion, and that is when the cybercriminals strike.

Srinivasa Raghavan, product manager at Site24x7 – ManageEngine, noted that with Dubai Summer Surprises underway, most e-commerce servers are running a large volume of background tasks and handling a sea of traffic. In situations like these, security failures are bound to happen from time to time.

“While security failures may be understandable from a security professional's perspective, consumers rarely feel as empathetic when they learn their private information has been exposed,” he said.“To mitigate this issue, you should monitor your servers to keep track of what’s changing, what's being accessed, and when. It’s also important to monitor the logs generated by servers, applications, and security devices. With the huge load of traffic your servers are about to experience, keeping a close eye on these logs will help ensure your infrastructure stays as secure as possible.”