This holiday shopping season was a boon for retailers, who raked in a record $1 trillion, an incredible increase of nearly $300 billion from 2018. Meanwhile, overall online sales increased 13%, while Black Friday and Cyber Monday saw 17% and 19% increases, respectively. 

But online holiday shopping is a goldmine for more than just e-commerce businesses—threat actors try to get a piece of every dollar that consumers spend. Over the 2019 holiday shopping frenzy, these cyber-crooks used the brand names of leading e-tailers, as well as the poor online security hygiene of consumers, to pocket some of these earnings for themselves.

According to RiskIQ research, their success relied heavily on using fake mobile apps and landing pages to target shoppers who were eagerly searching for deals, sales, and coupons. These rogue assets trick users into unknowingly downloading malware, using compromised sites, or giving up their login credentials and credit card information. Magecart actors, who compromise e-commerce websites with JavaScript credit card skimmers, were also active over the holidays, hoping to turn increased e-commerce site traffic into a larger pool of victims.

To understand the methods threat actors employed and where they focused their efforts, RiskIQ analysts used RiskIQ Illuminate®, our platform housing petabytes of internet intelligence collected over the past decade. They efficiently surfaced malicious findings across several data sets, including mobile applications, domain registrations, JavaScript threat detections, and hosting infrastructure. RiskIQ’s crawling technology covers more than 2 billion daily HTTP requests, hundreds of locations across the world, 40 million mobile apps, and 600 million domain records.

Example of malicious holiday app

During this research, RiskIQ analysts focused on the ten most-trafficked e-commerce sites over the holiday season, brands people are incredibly likely to shop with during that time of year. They also explored instances of their branded terms appearing alongside “Black Friday,” “Cyber Monday,” “Christmas,” or “Boxing Day.”

The report details critical findings for brands to reflect on:

  • Mobile apps blacklisted as malicious that can be found by searching for terms related to holiday shopping
  • Highly concerning blacklisted apps contained both branded terms of the top-10 e-commerce websites and holiday terms in the title or description
  • Combined blacklisted apps targeting the branded terms of the top-10 most-trafficked sites on Thanksgiving weekend
  • Blacklisted apps for the top-five ‘Elite’ Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers
  • Incidents of domain infringement across the top-10 e-commerce sites and holiday shopping, trying to trick e-commerce customers into clicking on malicious websites
  • Blacklisted URLs contained holiday terms
  • Credit card skimmers, like Magecart, detected by RiskIQ over the 4th quarter of 2019
  • Percentage of consumers who unknowingly downloaded an app outside of the Google Play and Apple App stores
  • Percentage of consumers who do not read, or are unsure if they read, the permissions before downloading an app
  • Percentage of consumers who do not check who the developer is before downloading an app

For specific methodology, metrics, or to learn more, download the RiskIQ 2019 Holiday Season Threat Review.