Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats

Digital transformation has accelerated over the past few years, and so have the security threats that come with it. With more employees working remotely, more customers shopping via mobile and social channels, and more retailers expanding their supply chains to keep inventory in stock, criminals have more avenues for going after e-commerce businesses.

Meanwhile, security awareness training may not be keeping up. It’s a good time to review your organization’s awareness program and adjust it to reflect the current threat landscape. Here’s how retailers can update their awareness training and practices to match their digital transformation progress.

A Dramatic Rise in Shipping Fraud

While most retailers understandably focus on fraud at the payment stage of the customer journey, shipping fraud should also be considered. In fact, shipping fraud is the fastest-growing type of fraud worldwide, according to TransUnion’s “2022 Global Digital Fraud Trends” report. Shipping fraud grew by 780% from 2020 to 2021, and by 1,541% from 2019 through 2021, according to the report. Shipping fraud can lead to chargebacks, inventory losses, and brand damage just as card-not-present (CNP) and account takeover (ATO) fraud do.

“Shipping fraud” is an umbrella term that covers several tactics that criminals use to exploit the e-commerce shipping process. Different approaches can target different areas of your business, so it’s important to expand shipping fraud awareness across your organization rather than solely training your fraud team on this threat.

For example, your customer service and fulfillment teams should be aware of how package rerouting scams operate. Fraudsters place orders with stolen payment data or hijacked customer accounts and use the victim’s real delivery address so the order doesn’t get flagged as suspicious. After the order is approved, fraudsters contact customer service and request a delivery address change, claiming they made a mistake.

While honoring such a request may seem like good customer service, it could be exposing your company to fraud. One solution that can satisfy legitimate customer requests while avoiding fraud is to cancel the original transaction and run it again with the updated delivery address. If it’s approved, customers get their purchases directed to the right address. If it’s not, your company has avoided a case of shipping fraud.

Expanding Supply Chains, Greater Email Attack Risk

Other security risks aren’t necessarily coming in through your website or shopping app, but they can imperil your brand, your business operations, and your customers. A prime example is email phishing attacks, which increased against e-commerce businesses by 53.9% from 2019 through 2021, according to the TransUnion report.

One reason for the current email phishing surge is the rapid expansion of supply chains since the start of the pandemic, as retailers made new connections to avoid running out of stock and disruptions. Another is the increasing reliance on email for customer interactions since early 2020: Online interactions now make up 61% of all customer engagements with companies, according to Salesforce’s “State of the Connected Customer” report. The addition of more contacts to the email ecosystem and the higher volume of email traffic provide criminals with more opportunities to launch email attacks.

A subset of business email compromise (BEC) is vendor email compromise, and it’s a growing problem. In a vendor email compromise scheme, attackers impersonate trusted third parties such as suppliers and vendors to trick employees into paying fraudulent invoices, entering login credentials, or sharing proprietary data. According to a report from email security firm Abnormal, more than half of BEC attacks are now third-party impersonation. As a result, all employees need to know that when emails from trusted senders, including suppliers and vendors, contain requests that seem unusual, they should flag those messages for the security team to review before responding.

Attackers Exploit Remote and Hybrid Workforce Trends

Ransomware and other forms of malware are a perennial problem for retailers, especially malware that steals customer payment data. Verizon’s “2022 Data Breach Investigations Report” found that the retail industry suffered seven times as many instances of “capture app data” malware as other industries. These Magecart-style attacks can silently scrape data as it’s entered, going undetected until fraud complaints start coming in. To prevent them, everyone who works with your website needs to be aware of the potential for this type of malware and the processes for scanning, removal, and remediation.

Another growing opportunity for malware attackers is retailers’ shift to remote or hybrid workforces. As employees log in remotely more often — and more often from personal rather than company devices — fraudsters have seized the opportunity to create realistic-looking login request emails that can appear to come from your company’s cloud services, such as Google Drive or Microsoft SharePoint. All employees and executives need to be aware of the risk that unexpected or slightly unusual login request messages can pose. Like unusual vendor messages, these should be reported to the security team for review before replying.

These trends illustrate why it’s important for security awareness to be a process rather than a one-time discussion. This year, your people need to be aware of shipping fraud, vendor email compromise, and credential phishing attacks posing as company resource providers. Next year, it will likely be something else. By having regular discussions about these security issues and encouraging a data-safety mindset, you can reduce the risk of today’s threats and create a culture of security that benefits your company over the long term.
