A surge in mobile shopping during the Christmas season may allow fraudsters and cyber-thieves to exploit weak security processes to steal payment information and to conduct online fraud.
Cyber-thieves may resort to social engineering and online fraud during the Christmas season to steal millions from inattentive shoppers.
In 2015, the police noted that cyber-thieves had conned Christmas shoppers off more than £10 million, with thousands of shoppers admitting that they had been conned at least once during the Christmas season.
With the percentage of online transactions increasing significantly in the last couple of years, cyber-thieves and fraudsters will once again try to make merry by exploiting poor security practices and defrauding eager shoppers by flooding their inboxes with phishing emails.
Keiron Dalton, mobile banking expert from Aspect Software, believes that fraudsters will rely heavily on social engineering and on bypassing weak security processes to con shoppers off their precious money during the Christmas season.
Hackers are now using innovative tools to commit fraud and thus it is important for both buyers and sellers to stay prepared for such activities to ensure their payment information are secure. Dalton has highlighted SIM Swap as among some innovative tools that hackers will use during the Christmas season.
‘SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process.
‘Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This often happens before the victim is even aware they have been targeted,’ he says.
‘We are working closely with the GSMA, as well as with a number of big banks and leading mobile network operators in the UK and in the rest of Europe to build a collaborative effort to fight new types of fraud like SIM Swap, but consumer awareness of the crimes has stayed relatively out of the headlines.
‘If your phone or SIM card has been compromised, there are a number of tell-tale signs to look out for before it gets too far,’ he adds.
Considering that SIM Swap is a highly effective tool and carries a lower risk, Aspect Software is urging shoppers to take a few steps to ensure that they are not defrauded by such techniques employed by cyber-thieves.
To commit SIM Swap, a fraudster will require a victim’s bank account details first. It is thus important that you do not enter your bank account details or other payment information on sites that do not look so genuine. At the same time, it is better not to click on ‘Christmas offer’ e-mails as many of them could just be phishing e-mails sent by cyber-thieves.
At the same time, a large number of legitimate-looking shopping apps will flood official App Stores but many of them could contain spyware, ransomware or other forms of malware that may collect sensitive information from your device. As such, you need to use official apps of brands and must perform in-app purchases rather than trusting third-party apps and services.
With malicious actors intent on getting their hands on every single credit card in your possession or to max out all your cards by stealing credentials online, it goes without saying that you need to be very, very vigilant about where you shop, and if the retailers you are dealing with online are genuine.
‘Stolen credentials continue to be one of the biggest reasons behind data loss and financial fraud, and it’s vital that everyone – even those not shopping on Black Friday – is monitoring for suspicious activity across their bank accounts between now and Christmas,’ says Rashmi Knowles, EMEA Field CTO at RSA Security.