USA TODAY International Edition

Yikes! Online phishing attacks up 297 percent

- Dalvin Brown

It’s no question that online shopping has continued to grow over the past few years, making it easy to order anything you like from practicall­y wherever you like.

But what’s not so convenient is the slew of cybercrimi­nals who have come along for the ride to steal your data and charge your credit card for goods you’ll never receive. As retailers increasing­ly focus on selling merchandis­e through a variety of online channels such as Facebook and SnapChat, fraudsters are discoverin­g new avenues to lure in unsuspecti­ng victims.

“It is the most common way to obtain stolen credit-card numbers,” said Itay Kozuch, director of threat research of IntSights, a cyber-risk analytics company. “Instagram has become one of the leading vehicles for fraudsters to execute phishing (illegally capturing passwords and credit-card numbers) attacks, as it is still a relatively new and uncharted channel for merchants.”

In a joint venture with Riskified, an eCommerce fraud-prevention company, IntSights collected data on hundreds of thousands of illegal online purchases. The companies found that there was a 297 percent spike in the number of fake retail websites designed to phish for customer credential­s from July to September 2017 to that same period in 2018.

❚ How do the scammers do it? Most online retail fraud involves a simple two-step process: First, steal credit-card informatio­n. Then, order goods from a retailer.

The retailer fulfills the order and gets stuck with the bill after the real owner of the credit card disputes the unauthoriz­ed transactio­n. The bank reverses the charge.

❚ Why are online retailers easy targets? For one, there’s an abundance of merchants to target, many of which have weak security, experts say. The risk is relatively low, but the potential payout is high. If one doesn’t work, scammers can just move on to the next.

Fraud, scams and theft have always been challengin­g for brick-and-mortar stores to deal with. But eCommerce complicate­s the landscape since people can use an IP address from one country, pay with a credit card from another and have a shipping address virtually anywhere on the planet.

Also, these online tricksters often build authentic-looking websites to fool shoppers. “Scammers can register a domain for pretty cheap that looks like some everyday retailers you might be familiar with,” said Kevin Mitnick, a former computer criminal and founder of Mitnick Security Consulting. “Today, if they wanted to look like J.C. Penney, they could purchase JCPenny.US.com for just $21.”

❚ How can I protect myself? “The first step is to be aware these online attacks exist,” Mitnick said. “Stop, look and think before you click that link.”

The experts also suggested using anti-virus products that can detect malicious websites, along with two-factor authentica­tion. When two-factor authentica­tion is enabled, a user will receive a special code sent to their mobile device once they’ve entered a password.

“Be aware of spear phishing,” cybersecur­ity expert John Sileo said. Spear phishing is a tactic used to trick the target into giving more informatio­n. “They might say they have your password so you trust them. But it is just bait.”

Newspapers in English

Newspapers from United States