2019 Holiday Shopping Season Threat Review

A post-mortem of e-commerce threats

This holiday shopping season raked in a record $1 trillion, an increase of nearly $300 billion from 2018. Overall online sales increased 13%, while Black Friday and Cyber Monday saw 17% and 19% increases, respectively. Meanwhile, for every dollar that consumers spend shopping online, bad actors are looking to capitalize.

Threat actors used the brand names of leading e-tailers, as well as the poor online security hygiene of consumers, to pocket some of these earnings for themselves. They fool shoppers eagerly searching for deals, sales, and coupons by creating fake mobile apps and landing pages. These tactics trick users into unknowingly downloading malware, using compromised sites, or giving up their login credentials and credit card information.

Using RiskIQ Illuminate™–a platform housing petabytes of internet intelligence collected over the past decade––internal analysts were able to efficiently surface malicious findings across several data sets including mobile applications, domain registrations and hosting infrastructure.

The report details critical findings for brands to reflect on, including:

  • Mobile apps blacklisted as malicious that can be found by searching for terms related to holiday shopping
  • Highly concerning blacklisted apps contained both branded terms of the top-10 e-commerce websites and holiday terms in the title or description
  • Blacklisted apps for the top-five ‘Elite’ Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers
  • Blacklisted URLs contained holiday terms
  • Credit Card Skimmers, like Magecart, detected by RiskIQ over the 4th quarter of 2019
  • Percentage of consumers unknowingly downloaded an app outside of the Google Play and Apple App stores
  • Percentage of consumers that do not check who the developer is before downloading an app

Download Infographic