Christmas in July: CyberInt Research Warns that Amazon Prime Days Inspire Cybercriminals to Shop for Victims

TEL AVIV, Israel, July 11, 2019 /PRNewswire/ -- Amazon Prime Days is a summer rerun of Black Friday, Cyber Monday, and Christmas shopping - significant price reductions together with a concurrent increase of threat actor activity in the deep and dark web.

Looking back, the December 2018 holiday shopping season generated 30% higher than usual threat traffic. Based on monitored Dark Web chatter, CyberInt Research expects similar results leading up to Amazon Prime Days and the days following. CyberInt is the leading cybersecurity provider of managed threat detection and mitigation services to digital consumer businesses.

"Unfortunately, the more retailers do for their customers, the more opportunities cybercriminals have to find ways to take advantage of it," says Daniela Perlmutter, Vice President of Marketing of CyberInt. "As part of our mission to help ecommerce players and their customers be more cyber resilient, we're trying to inform as many people as possible about how to protect themselves."

Five Tips for Retailers to Protect Their Customers

1. To protect against threat actors using their brands to lure customers, retailers need to:

    --  Identify abandoned subdomains that may be claimed by threat actors and
        used for phishing, social engineering, and session hijacking
    --  Claim domains with high similarity to yours that may mislead clients and
        be used by threat actors - for example Wallmart or Targett

    --  Raise awareness among employees and customers regarding phishing attacks
        via email and websites

2. Apps mimicking the look and functionality of your brand's official mobile app can trick users to install it and may cause a variety of malicious actions.

    --  Constantly seek out the fake apps and have them removed immediately

    --  Recommend that your clients only download apps from recognized mobile
        app stores, such as Apple App Store, Google Play, and Amazon Appstore.

3. Due to the significant increase in shopping traffic, it's easier for cybercriminals to disguise their actions. Account checkers and credential stuffing attacks, which predominantly exploit password reuse across sites and use compromised data from third parties to attempt to access your service, are expected to increase during the next week or so.

To fight this, ecommerce companies should

    --  Limit the number of accounts that can be registered from one IP address
        in a certain period of time
    --  Consider IP monitoring, blacklists, and restrict automated processes by
        using geo-location and/or IP address block lists to restrict access to
        only valid IP address ranges, e.g. block VPN and dark network addresses
        as these are likely being used by nefarious parties to mask their
        locations
    --  Limit the number of login attempts per HTTP client

4. Retailers regularly face fraudulent refunds and inventory manipulation. To protect against these types of attacks, retailers need to

    --  Monitor their online assets to identify threats
    --  Automatically cancel orders involved in fraudulent activity
    --  Block accounts identified as the cause of these fraudulent activities
    --  Have a strict return policy in place
    --  Build and maintain a set of rules to identify fraudulent accounts and
        requests so they can block them before they are approved.

5. Unfortunately, in many situations, employees are the weakest link and fall prey to social engineering attacks, like spear phishing. Employees with access to sensitive data need to be educated about the rising risks during peak shopping times.

For longer-run protection from Prime Days to December 26 and beyond, retailers need to

    --  Increase customer awareness about the risks of password reuse, phishing,
        and brand appropriation
    --  Install an AI solution to analyze behavior of normal customer
        connections to detect anomalous activities, with automated mitigation
        such as prompting the customer for an additional authentication or
        restricting access to the account to prevent fraudulent use
    --  Invest in threat intelligence monitoring to detect credential dumps from
        third-party compromises before they become actual threats, giving them
        time to audit their own customers' accounts for potential password reuse
        and allow for proactive measures to be taken, for example, forcing
        password changes and/or advising customers of the potential breach and
        dangers of password reuse.
    --  Managed threat intelligence monitoring can take investigations further
        to expose the threat actors' identities, uncovering exact methods and
        techniques to try to prevent future fraudulent activities.

Six Tips for Customers to Enjoy Their Discounts Safely

1. Inspecting site security is the first critical step for proactive cyber protection.

    --  You need to ensure there's a lock on the website you're browsing on. If
        it's a fraudulent website - even if it looks legitimate - the lock won't
        be there. The lock indicates a secure mode where communications between
        browser and web server are encrypted. This type of connection is
        designed to prevent anyone from reading or modifying the data you
        exchange with the website. If the lock is green, it is legitimate. If it
        is red, it is probably using an expired certificate or the server is
        misconfigured - warnings not to perform transactions on the site.

2. Change your approach to passwords

    --  Use different passwords for different accounts and websites to reduce
        your risk if one of the accounts is exposed.
    --  Use strong passwords with at least 10 characters, including capital
        letters, numbers and special characters

3. Protect yourself against phishing websites and emails, especially if they ask you to log in with your username and password

    --  Verify that the URL you're using is the real URL. Just because the logo
        and colors are real doesn't mean the site is real
    --  Is the offer too good to be true? If it is, it's probably not true.
    --  Read the content carefully. Cybercriminals don't generally write in the
        style of legitimate businesses. They may not use correct grammar,
        spelling or punctuation. The content may not even make any sense.
    --  Check the links. You can hover over a link to see where it leads without
        actually clicking. Ensure it matches the legitimate site. If it is
        shortened, that's a quick clue that it isn't safe.
    --  Do not download any attachments. If it's a legitimate message, you'll
        most likely be directed to the customer service site if you need to
        download anything.
    --  If it's an email, check to see if the sender is someone you know.

4. Think twice before clicking an ad.

    --  Cybercriminals are Google ad words experts, too. If an ad asks for your
        login details, stop immediately. You've probably been phished. If the
        advertisement is linking to a special at the retailer's site, go to the
        site directly to find it.

5. Be skeptical about egifts and vouchers

    --  Offers that are too good to be true often are. If answering a simple
        survey - asking for your username and password - rewards you rather
        generously than expected, it is not a legitimate site.
    --  Survey scams are typically shared via social media or pop-ups on
        unrelated websites and will collect personal information in addition to
        encouraging victims to sign-up for services that they may not want.
        These are typically used to gather personal information for later
        fraudulent or nefarious use as well as making money for the threat actor
        through referrals.
    --  Only purchase gift cards and digital goods from reputable outlets.
        Listings on personal ads or auction sites may be for gift cards or
        digital goods obtained using stolen payment card data or from stolen
        accounts. Ensure that you have received a legitimate link for purchase
        or redemption.

6. Be wary of SMS and WhatsApp advertisements

    --  Never share or provide your password.
    --  Don't open messages from unknown numbers or contacts.
    --  Link shortening technology can disguise fraudulent links.
    --  Check where the link is directing before clicking it.

By being aware of the potential hacks and remaining vigilant, consumers can better ensure that they are getting real bargains during their transactions and not exposing themselves to identity theft, fraud, and other threats.

Any brands mentioned are trademarks of their respective owners.

About CyberInt Research

CyberInt Research is focused on investigating adversary tradecraft and tactics, techniques and procedures (TTP) focusing on threats to various sectors and industries across regional locations. CyberInt Research team tracks new and emerging threats and threat actors to provide insights into their capabilities and operations.

About CyberInt

CyberInt (http://www.cyberint.com) transforms cybersecurity into a business enabler with targeted threat detection and mitigation. CyberInt delivers the only digital risk and threat intelligence platform combining cyber expertise and profound business understanding to deliver insights and actions that protect what matters most: the business goals, customers, employees, and brand. CyberInt serves top retail, finance, and gaming organizations around the world and has developed a deep understanding of the threats, needs, and behaviors particular to each industry.

CyberInt Media Contact
Amy Kenigsberg
K2 Global Communications
http://k2-gc.com/
amy@k2-gc.com
tel: +972-9-794-1681 (+2 GMT)
mobile: +972-524-761-341
U.S.: +1-913-440-4072 (+7 ET)

View original content:http://www.prnewswire.com/news-releases/christmas-in-july-cyberint-research-warns-that-amazon-prime-days-inspire-cybercriminals-to-shop-for-victims-300883651.html

SOURCE CyberInt