This holiday shopping season was a boon for retailers, who raked in a record $1 trillion, an incredible increase of nearly $300 billion from 2018. Meanwhile, overall online sales increased 13%, while Black Friday and Cyber Monday saw 17% and 19% increases, respectively.
But online holiday shopping is a goldmine for more than just e-commerce businesses—threat actors try to get a piece of every dollar that consumers spend. Over the 2019 holiday shopping frenzy, these cyber-crooks used the brand names of leading e-tailers, as well as the poor online security hygiene of consumers, to pocket some of these earnings for themselves.
During this research, RiskIQ analysts focused on the ten-most trafficked e-commerce sites over the holiday season—brands people are incredibly likely to shop with during that time of year. They also explored instances of their branded terms appearing alongside "Black Friday," "Cyber Monday," "Christmas," or "Boxing Day."
The report details critical findings for brands to reflect on:
- Mobile apps blacklisted as malicious that can be found by searching for terms related to holiday shopping
- Highly concerning blacklisted apps, which pose a cyber security threat contained both branded terms of the top-10 e-commerce websites and holiday terms in the title or description
- Combined blacklisted apps targeting the branded terms of top-10 most trafficked sites on Thanksgiving weekend
- Blacklisted apps for the top-five 'Elite' Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers.
- Incidents of domain infringement across the top-10 e-commerce sites and holiday shopping, trying to trick e-commerce customers into clicking on malicious websites.
- Blacklisted URLs contained holiday terms
- E-commerce threats such as; Credit Card Skimmers, like Magecart, detected by RiskIQ over the 4th quarter of 2019
- Percentage of consumers unknowingly downloaded an app outside of the Google Play and Apple App stores.
- Percentage of consumers do not read or are unsure if they read the permissions before downloading an app
- Percentage of consumers that do not check who the developer is before downloading an app.
For specific methodology, metrics, or to learn more, download the RiskIQ 2019 Holiday Season Threat Review.
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...