Go Phish: Retail Organizations in Deep Waters

With people staying at home during the pandemic, there has been an increase in online shopping for all sorts of products and services. However, this has led to a drastic increase in phishing and typosquatting attacks against retail organizations.

What is happening

  • Phishing attacks rose significantly in the first half of this year, an increase of 83%, with the total number of attacks in 2019 being 4,319 versus 7,934 in 2020.
  • Typosquatting campaigns have also risen. Attackers register domains designed to look like renowned retail brands, then use them to host fake stores and steal credentials. Between March 1 and April 30, 163 registered domains were found pretending to be related to Amazon.

Key trends

  • There are three main types of phishing campaigns with COVID-19 themes: typosquatting, business email compromise, and scamming.
  • The mean value of attempted fraudulent purchases rose by USD 36 in March, due to the rise in purchases of retail and electronic goods.

What the experts are saying

  • The retail sector is a breeding ground for phishing campaigns, as it holds customers’ PII linked to their payment information.
  • Cybercriminals usually impersonate branded organizations to build credibility and get users to submit their credentials.

Worth noting

  • These malicious actors are well aware that more people are ordering food delivery, and they have therefore also targeted food delivery services.
  • Luxury brands have also been targeted during COVID-19, with more than 400 registered domains typosquatting Rolex.

In essence

Threat actors have designed their tactics to take maximum advantage of the global pandemic and prey on the services that are of the greatest concern to potential victims.