SHOPPERS VULNERABLE AS THREAT FROM CYBER CRIMINALS INCREASES
▶ Poorly maintained and unsecure e-commerce platforms in the Middle East are attractive to prowling hackers
As the region enters one of the busiest shopping periods of the year, both online and offline customers are at the risk of losing money from theft of credit card details by cyber criminals, caution experts.
Poorly maintained websites and unsecure e-commerce platforms in the Middle East are attractive to cyber criminals who also want to hack cryptocurrency infrastructure in the region, the global consultancy Booz Allen Hamilton said.
“Gulf-based retailers and their infrastructure are increasingly being targeted with advanced malware variants to intercept payment, card data and communications,” said Jay Townsend, a principal at consultancy.
Hacking group Magecart targeted more than 800 e-commerce websites between February 2017 and June 2018, according to cyber-security company RiskIQ. The group stole confidential information from nearly 400,000 transactions with its victims including Ticketmaster UK and British Airways.
The UAE, the second-biggest Arab economy, where online market research Statista estimates e-commerce market to reach about $10 billion (Dh36.73bn) by the end of 2018, is one of the prime targets for cyber criminals.
WhatsApp messages are the latest in a string of phone scams to hit the country, which has nearly 99 per cent smartphone penetration. In October, many residents reported receiving a series of fraudulent calls from Antarctica, the tiny Pacific island of Nauru and Luxembourg. The Central Bank of the UAE last week issued a public warning to be wary of fraudulent WhatsApp messages.
The regulator, which manages the currency, monetary policy and banking regulations in the country, said the messages include a hyperlink that could expose the receiver to a malicious website.
In the past, the UAE Banks Federation has also run cyber-security sharing programmes among its member banks to help prevent crimes perpetrated online against lenders.
It is imperative that retailers and customers alike take precautionary measures to safeguard against online frauds that could result in massive financial losses, Booz Allen Hamilton said.
During the holiday shopping season, cyber criminals will try to execute fraudulent transactions with all the information they have illegally acquired over the past 12 months, said Angel Grant, director, identity and fraud and risk intelligence at network security company RSA.
Online payment fraud losses through e-commerce, airline ticketing, money transfer and banking platforms will reach $48bn by 2023, up from $22bn in losses projected for 2018, Jupniper Research, said in its latest report.
According to a poll of UAE residents by global payments company Visa, 66 per cent of shoppers are happy to shop online.
The figure for UAE nationals buying online is as high as 81 per cent, while 70 per cent of people are at ease paying utility bills through digital platforms.
“UAE is home to one of the most advanced and tech-savvy generations, who prefer to buy online. Looking at the grey area, this trend also gives bad boys enough space to try their tactics,” said David Weston, Microsoft’s’s hackerin-chief.
To avoid any cyber fraud attempt, he advises to switch to the latest operating system. “Cybercriminals are targeting money through compromising the users’ identity – his username and password. So, get on the next level of security using fingertips or facial recognition as you buy this shopping season,” he said.
Dubai is opening the 39-day Dubai Shopping Festival today and the organisers are expecting huge footfall of local, regional and international buyers.
This year has also seen a surge in formjacking frauds – where cyber criminals use malicious code to steal credit card details from payment forms on the checkout web pages of retail websites.
US cyber-security company Symantec has blocked nearly 700,000 formjacking attempts globally from mid-September to mid-November this year.
“Internal surveillance and monitoring will be a standard contingency measure in the years ahead,” said Sevi Tufekci, director of sales engineering for emerging markets, Europe, Middle East and Asia at Citrix, another US data security company.
This year has also seen a surge in formjacking frauds – where hackers use malicious code to steal credit card details