Click Frenzy in November marks the start of online Christmas season shopping in Australia, followed by the additional online shopping campaign Black Friday. These one-day pressure sales promise outrageous bargains from some of Australia’s biggest retailers such as Myer, Sony, Bonds, and Air New Zealand.
‘Pressure sales’ means mindful consumer spending goes out the window. Online cybercriminals capitalise on the same time-limited sale tactics that retailers use, encouraging consumers not to think before they click. That's because these types of one-day sales put the onus on the customer to complete purchases as soon as possible, creating a huge sense of urgency in case they lose the deal to someone who was quicker to the mouse click or finger tap.
This urgency is exactly what cybercriminals exploit.
If a person clicks through from a phishing email purporting to be from a reputable online retailer and reaches a cloned website, ‘purchasing’ an item hands their credit card and personal details to scammers. A hidden payload inside the ‘online shopping’ website may also be executed, compromising browser security and potentially exposing the whole computer system, including work data, to attackers.
Letting the drive for grabbing a bargain overtake common sense can be a fatal mistake. Unfortunately, this is happening all too frequently. The Australian Competition & Consumer Commission reported this week that Australians have already lost more money to online shopping scams in 2019 than in the entire previous year. So far in 2019, reported losses from online shopping scams are over $4 million, well in excess of the 2018 total figure of $3.28 million.
What can you do to protect your customers?
With the number and scale of online shopping scams impacting businesses growing at an alarming rate, it's key that we remind our clients about the importance of boosting their cyber-defence strategies as we enter the silly shopping season.
Here are a few tips that you can share with them:
1) Look out for any red flags
During the holiday season, we’re doing more shopping out of our comfort zone - buying gifts for other people in categories and with retailers we wouldn’t peruse ourselves. This might not only be from a Google search - perhaps it comes via an inbound email, or a recommendation on social media.
This is the time to stop and do some reconnaissance. Ask these questions:
- Are they a legitimate business? (Check reviews)
- Is this email coming from a legitimate address? (Check email domain)
- Are the links in the email going to the actual retailer’s website? (Compare with a Google search)
Avoid clicking through links on emails or downloading files unless you’re 100% certain that the sender is who they say they are.
2) Be wary of parcel delivery and other sales-adjacent scams
It's not only popular retailers that might be spoofed in online scams. This season also sees the rise of parcel delivery and banking-related scams. People shopping online rely heavily on postage services when ordering their beloved goods and use multiple payment systems to transact money over the web.
That's why we often see brands such as DHL, PayPal and Australia Post being brandjacked at this time of the year. Scammers know that people are distracted during this time and potentially more vulnerable to trickery. We’re all eager to do and receive our Christmas shopping on time, so we might not think twice before clicking a link in an email which states there was an error in processing our payment, or that our parcel is on the way.
3) Ensure your email security is up to scratch
We highly recommend companies take a strategic, multi-layered approach when it comes to cybersecurity. It’s sometimes referred to as a ‘defence in depth’ approach, designed to defend a system against attacks using several different methods and solutions, so that if one fails, the others will stop the threat.
Putting this in the context of email security, you may already have native security from your email hosting provider, like Google or Microsoft, but it’s key to remember that no one vendor can stop all attacks. Since we know that nine out of 10 attacks start with an email, it’s also prudent to employ an additional layer of cloud email security with email security specialists such as MailGuard.
Take the silly season as a good chance to give your customers a security refresher on the dangers of these types of online shopping events. Encourage your network to do the same to promote a wider security culture.
Share this article with them before they get to clicking.
What strategies are you advocating to your clients to ensure that they and their data are protected at all times? We'd love to hear your views. Feel free to contact us via the details below or join the conversation on our Twitter page.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993