Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats


Digital transformation has accelerated over the past two years, and so have security threats. With more employees working remotely, more customers shopping via mobile and social channels, and more merchants expanding their supply chains to keep inventory in stock, criminals have more avenues than ever to go after e-commerce businesses.

Meanwhile, security awareness training may not be keeping up. It’s a good time to review your organization’s awareness program and adjust it to reflect the current threat landscape. Here’s how retailers can update their awareness training and practices to match their digital transformation progress.

A dramatic rise in shipping fraud

While most retailers understandably focus on fraud at the payment stage of the customer journey, shipping fraud should also be considered. In fact, shipping fraud is the fastest-growing type of fraud worldwide, according to TransUnion’s “2022 Global Digital Fraud Trends” report. Shipping fraud grew by 780% from 2020 to 2021, and by 1,541% from 2019 through 2021, according to the report. Shipping fraud can lead to chargebacks, inventory losses, and brand damage just as card-not-present (CNP) and account takeover (ATO) fraud do.

“Shipping fraud” is an umbrella term that covers several tactics that criminals use to exploit the e-commerce shipping process. Different approaches can target different areas of your business, so it’s important to expand shipping fraud awareness across your organization rather than solely training your fraud team on this threat.

For example, your customer service and fulfillment teams should be aware of how package rerouting scams operate. Fraudsters place orders with stolen payment data or hijacked customer accounts and use the victim’s real delivery address so the order doesn’t get flagged as suspicious. After the order is approved, fraudsters contact customer service and request a delivery address change, claiming they made a mistake.

While honoring such a request may seem like good customer service, it could be exposing your company to fraud. One solution that can satisfy legitimate customer requests while avoiding fraud is to cancel the original transaction and run it again with the updated delivery address. If it’s approved, customers get their purchases directed to the right address. If it’s not, your company has avoided a case of shipping fraud.

Expanding supply chains, more email attack risk

Other security risks aren’t necessarily coming in through your website or shopping app, but they can imperil your brand, your business operations, and your customers. A prime example is email phishing attacks, which increased against e-commerce businesses by 53.9% from 2019 through 2021, according to the TransUnion report.

One reason for the current email phishing surge is the rapid expansion of supply chains since the start of the pandemic, as retailers made new connections to avoid running out of stock and disruptions. Another is the increasing reliance on email for customer interactions since early 2020: Online interactions now make up 61% of all customer engagements with companies, according to Salesforce’s “State of the Connected Customer” report. The addition of more contacts to the email ecosystem and the higher volume of email traffic provide criminals with more opportunities to launch email attacks.

A subset of business email compromise (BEC) is vendor email compromise, and it’s a growing problem. In a vendor email compromise scheme, attackers impersonate trusted third parties such as suppliers and vendors to trick employees into paying fraudulent invoices, entering login credentials, or sharing proprietary data. According to a report from email security firm Abnormal, more than half of all BEC attacks now impersonate third parties. Consequently, all employees need to be aware that when emails from trusted senders, including suppliers and vendors, contain requests that seem unusual, they should flag those messages for the security team to review before responding.

Attackers exploit remote and hybrid workforce trends

Ransomware and other forms of malware are a perennial problem for retailers, especially malware that steals customer payment data. Verizon’s “2022 Data Breach Investigations Report” found that the retail industry suffered seven times as many instances of “capture app data” malware as other industries. These Magecart-style attacks can silently scrape data as it’s entered, going undetected until fraud complaints start coming in. To prevent them, everyone who works with your website needs to be aware of the potential for this type of malware and the processes for scanning, removal, and remediation.

Another growing opportunity for malware attackers is retailers’ shift to remote or hybrid workforces. As employees log in remotely more often — and more often from personal rather than company devices — fraudsters have seized the opportunity to create realistic-looking login request emails that can appear to come from your company’s cloud services, such as Google Drive or Microsoft SharePoint. All employees and executives need to be aware of the risk that unexpected or slightly unusual login request messages can pose. Like unusual vendor messages, these should be reported to the security team for review before replying.

These trends illustrate why it’s important for security awareness to be a process rather than a one-time discussion. This year, your people need to be aware of shipping fraud, vendor email compromise, and credential phishing attacks posing as company resource providers. Next year, it will likely be something else. By having regular discussions about these security issues and encouraging a data-safety mindset, you can reduce the risk of today’s threats and create a culture of security that benefits your company over the long term.
