RiskIQ research unveils holiday shopping e-commerce threats for brands and consumers
RiskIQ, the global leader in attack surface intelligence, today released its annual Holiday Shopping E-commerce Blacklist threat report. The report unveils how cyber attackers are leveraging popular brands, weaknesses of the global pandemic, and unsafe consumer shopping habits to victimise consumers.
This year’s report dives into RiskIQ’s Internet Intelligence Graph, repositories of correlated threat data compiled over ten years of crawling the web, to expose the e-commerce threat landscape during the busiest shopping period of the year and how threat actors target top-ten most trafficked e-commerce sites in the U.S. and U.K.
This year’s critical data includes:
- Of all apps that can be found by searching “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas,” 466 are blacklisted (unsafe to use) as malicious
- The top-10 most trafficked sites on Thanksgiving weekend have a combined total of 1,654 blacklisted apps that contain their branded terms in the title or description, totalling 82.7 per brand
- 7 domain infringement events across the top-10 most trafficked sites
- The average length of a Magecart breach is 22 Days
- RiskIQ detects a Magecart attack every 16 minutes
- Looking at five of the top-10 most trafficked sites in the U.S and U.K, it found 18,891 blacklisted URLs containing their branded terms or 945 per brand
“This year’s bad holiday actors will capitalise by using the brand names of leading e-tailers, as well as the poor security habits of consumers,” said RiskIQ CEO Lou Manousos. “They’ll fool shoppers looking for shopping deals, sales, and coupons by creating fake mobile apps and landing pages.”
For shoppers looking to score great deals while filling out their holiday shopping list, one misinformed action can result in a malware infection, stolen personal data, or a hijacked credit card number. The report aims to educate consumers on the risky actions threat actors prey on and tips for avoiding becoming a victim.
For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust of customers and prospects. By downloading the report, brands can better understand their vulnerabilities and work to anticipate how they’re being targeted through the holiday shopping season.
The full report can be downloaded here: https://riskiq.com/resources/research/riskiq-2020-black-friday-e-commerce-blacklist/