Retailers need to identify and block threats to online shoppers

With more of the seasonal shopping spree having moved online, including during the current New Year sales, retailers and their customers are being targeted by increasingly sophisticated frauds perpetrated by organised criminal gangs (OCGs).

During 2017, face-to-face retail spending in the UK fell by 3.7 per cent while online sales rose by 3.6 per cent. Retail revenues for the top 250 global retailers totalled more than £3.17 trillion in 2015 with an average shift of seven per cent of sales, worth around £200 million, from the high street to online sales. As shoppers scour the internet for bargains, major brands and special offers, they are becoming prey to a wide variety of online retail scams. These include seasonal favourites already familiar from Christmas/New Year 2016 such as fake retail websites that are practically indistinguishable from the real thing.

But some new scams such as online refund fraud are also gaining pace. This typically takes the form of defrauding an online retailer via their returns policy. The OCG publishes a post aimed at recruiting potentially dishonest consumers willing to be party to a retail fraud. Customers then respond to the post and discuss the parameters of the scam with the OCG, which approaches the online retailer to request a refund on the fake customer's behalf. Once the refund is paid, the OCG and the dishonest customer share the proceeds. The scam works well because online retailers are currently keen to expedite refund approval to make themselves increasingly customer-focused so as to differentiate their services from those of their competitors; many online retailers do not even insist on seeing the returned goods before issuing a refund. Some retailers do not even use standard verification processes such as CAPTCHA for fear of doing anything that might negatively affect revenues by deterring a potential customer from making an online purchase.

As the fashion industry tends to have the most returns, it is the most vulnerable to this type of scam, accounting for 72 percent of fraudulent online refunds. But the OCGs are also increasingly targeting the electronics industry because of the relatively high prices of branded electronic goods. Although the industry accounts for only 14 percent of fraudulent refunds, the refund per item is, on average, well over four times that on fashion items. Most of the OCGs perpetrating this type of refund fraud come from outside the UK with 48 percent coming from the US and 32 percent from Europe, mainly Russia.

In an effort to hijack customer accounts, OCGs have also been honing their credential stuffing techniques. The deep web offers for sale long lists of stolen customer credentials with which the fraudsters can then bombard retail websites to try and match them with existing customer accounts. Nor do the online fraudsters require any particular technological expertise as some Dark Web forums also offer credential stuffing software tailored to attack specific big-name retailers.

During the seasonal sales online consumers, particularly those who like to keep in touch via social networking sites, are likely to be bombarded with all kinds of spoof offers in the form of coupons offering huge discounts on branded goods as well as bogus free flights and all kinds of fake raffle prizes; sometimes consumers will be directed to fake websites that are indistinguishable from those of bona fide brands to all but the trained eye. Online shoppers are also likely to receive fake special offers in the form of emails with links to bogus websites.

The purpose of all these scams is to trick the unwary into giving out passwords and credit card details that can then be monetised by the OCGs.

As online retailers become increasingly customer-centric to make the customer purchase experience as seamless and painless as possible, they run the risk of facilitating a variety of cyber-frauds. To prevent fraud, online retailers need to widen their cyber-security perimeters to encompass virtual geographies such as the deep web and social networking sites. By patrolling these new perimeters, retailers will be able to identify and block fraud threats before the OCGs have sufficient time to execute or monetise their fraud schemes.

Failure to do so will result not only in significant lost revenues from scams such as online refund fraud but also in incalculable damage to their brand image in the eyes of all the customers and potential customers who have been ripped off by fraudsters posing as legitimate retailers.

Contributed by Elad Ben-Meir, vice-president, CyberInt.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.