By now, it's clear that threat actors are targeting the e-commerce holiday shopping season. In our 2020 Holiday Shopping Threat report, RiskIQ researchers found hundreds of threats against the ten-most trafficked e-commerce sites in the U.S. and U.K., including phishing, domain infringement, malicious mobile apps, and scams.
The holiday shopping season has become a crucial period for e-commerce and a cornerstone of online shops' annual revenue. Adobe Analytics predicts online holiday shopping to reach a record $910 billion in 2021, projecting U.S. e-commerce sales to grow 10% year-over-year between November and December. eMarketer forecasts total U.S. retail sales to rise 9% to $1.147 trillion this holiday season, with retail e-commerce accounting for 18.4% of total sales, climbing 14.4% to $211.66 billion.
This year, our goal is to help brands fight back by sharing approachable ways for beginners and seasoned cybersecurity professionals alike to keep their organizations safe. Phishing and other malicious sites have distinct characteristics we can use to identify and defeat them. These 'red flags' can help determine which pages, apps, and URLs are legitimate and those spun up by threat actors to target brands and customers.
You don't need a holiday miracle to keep your brand and organization safe this holiday shopping season. We hope this guide will be a force multiplier and empower e-commerce stakeholders to overcome resources shortages or cyber skills gaps to identify cyber threats endemic to the holiday shopping season.
The guide breaks down 12 real examples of red flags that users can leverage RiskIQ Community Edition or other open-source tools to spot. These include:
- A website has been up for only a short period
- A domain is hosted in a country you're not expecting
- The site is a copy from elsewhere
- A website has an SSL certificate from a free certificate authority
- Many more
RiskIQ's global cyber threat workshop program has issued tens of thousands of CPE credits to thousands of cybersecurity analysts worldwide, with thousands more watching on-demand sessions. With our 2021 Holiday E-Commerce Guide, we hope to extend similar security-minded advice, tools, and skills to practitioners of all levels, enabling them to understand and anticipate how their brands and customers are being targeted this holiday shopping season.
The full report, An E-commerce Guide: 12 Ways to Unmask Cyber Threats This Holiday Shopping Season, can be found here.