As retailers exploit new technologies, so do cyber criminals. What the industry needs to know to combat the latest threats.
UK retailers are facing a tsunami of cyber crime, as organised international criminal gangs find new methods of fraud.
These include online refund scams, brand misuse, hacking online point of sale (PoS) devices and security cameras, plus a process known as whaling, which targets key executives.
Techniques developed in the US, where it is estimated retailers lose about $15bn a year to refund scams, are now easily available via dark web forums.
Brand misuse is another growing threat made easier by the trend towards increased online spending. This generally takes the form of offering consumers inferior goods purporting to bear the retailer’s brand.
Cloned site scams
In the past couple of years, website cloning has become more convincing. Often these sites are distinguishable from the original only to the expert eye. It is easy to generate a great deal of online traffic to these bogus sites.
As most major UK high street stores also sell their goods online, customers are used to receiving emails from well-known retailers offering seasonal discounts or special deals. Few ever bother to check whether they are being diverted to a genuine website.
Should the goods they receive prove inferior, or fail to arrive at all, most customers are likely to blame the legitimate retailer.
This not only cheats consumers and diverts retail income but can also cause severe damage to brands.
In the retail world, wireless connectivity means devices such as security cameras can be linked to corporate communications networks.
These now form part of the rapidly expanding soft underbelly of retail cyber security.
Hackers can use security cameras in head offices to spy on corporate activities to enable highly lucrative industrial espionage or simply access information to orchestrate a physical break-in.
Hackable PoS devices are becoming huge repositories of customer account information.
Retailers often transmit card information over the internet through paths that allow hackers to ‘sniff out’ customer credit details online.
According to recent industry estimates, fewer than one in five retail IT professionals is confident that their company’s PoS devices are configured securely.
Whaling targets security weaknesses
Whaling is a new weapon in the cyber criminals’ arsenal.
Like its predecessor spear phishing, whaling makes extensive use of weaknesses in the target organisation’s outer security perimeters, for instance information divulged on social networks such as LinkedIn.
By impersonating the targeted executive via, for example, a cloned email address or bogus phone call, the hacker tricks retail staff into opening up their networks, with potentially devastating results.
In order to defend themselves against the latest cyber scams, retailers must extend their security outlook well beyond their own IT systems and develop an awareness of threats emerging from illicit internet traffic and the dark web.