Black Frauday: 3 Common Fraud Attacks Aimed at Retailers
Forget the smell of pine trees and holiday carols piping through store speakers. The real sign that the holidays have arrived is the anticipation of Black Friday. It no longer starts and ends the day after Thanksgiving. Many retailers host early deals to entice shoppers to kick-start the holiday shopping season and continue them through December. However, Black Friday isn't just an opportunity for shoppers to get steals and deals; it's also a chance for fraudsters to target retailers.
This year, holiday shopping might feel different. Emerging from the pandemic with high confidence, consumers report that they plan to spend almost 30 percent more this year, despite unchanged feelings about personal income and rising inflation. People are feeling optimistic even though many are still enduring a pandemic-based lifestyle. That optimism is what hackers are hoping to exploit. And retailers, worried about shortages and needing to push the holiday message hard, are the target. The bad guys aren't searching for deals; they're looking for security vulnerabilities so they can have a joyous holiday, too.
Retailers must protect their online presence, but since most consumers use smartphones to make holiday purchases, mobile security must be top of mind.
What are the most significant risks for retailers, and how can they stay vigilant during the season across their e-commerce ecosystem? Here are three of the most common types of fraud that retailers should be on the lookout for this season:
- Data Breaches: Database breaches are so common that most retailers don't know about compromised accounts. Last year, Neiman Marcus announced that millions of its customers’ accounts had been broken into and that it didn’t know about the breach for six months. A report from Cornell University said that 89 percent of retailers that have been breached will be breached again within a year, and across the industry the total number of breaches in 2021 will exceed 2020. That said, there are certain telltale signs of a breach that businesses can watch out for, such as accounts accessing particularly high volumes of data as well as slow network performance.
- Scalping: This refers to the process of using bots to buy popular or discounted items as fast as possible and then reselling them at marked-up prices. Currently, with limited inventory for some products, fraudsters see scalping as a big opportunity. Bot software has improved considerably in the last year. Bots are easy to purchase on the dark web and are commonly used to infiltrate e-commerce businesses. Using bots, criminals target hard-to-get electronics and gaming equipment, as was the case with the recent PS5 launch, when bots scooped up the inventory, leaving gamers frustrated and paying inflated prices.
- Promotion Fraud: Promotion codes and vouchers are a great way to attract new customers and keep them returning. However, they also attract criminals who create duplicate accounts to take advantage of the same promo code multiple times. They use app cloners to create numerous accounts on the same device to abuse new member benefits. Do this thousands of times and there will be fewer codes for legitimate users, leading to unhappy shoppers and lost revenue. Abuse can be spotted when codes are used in obscure geographies or by unauthenticated new users vs. return customers.
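The promotion-abuse signals described above (many accounts redeeming one code from the same device, redemptions from unexpected geographies, unauthenticated new users) can be combined into a simple review queue. This is an added example, not code from the article or from SHIELD; the event fields, thresholds, country set and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample redemption events (not real data); field names are assumed.
REDEMPTIONS = [
    {"code": "WELCOME20", "account": "a1", "device": "dev-A", "country": "US", "authenticated": True,  "prior_orders": 4},
    {"code": "WELCOME20", "account": "b1", "device": "dev-B", "country": "US", "authenticated": False, "prior_orders": 0},
    {"code": "WELCOME20", "account": "b2", "device": "dev-B", "country": "US", "authenticated": False, "prior_orders": 0},
    {"code": "WELCOME20", "account": "b3", "device": "dev-B", "country": "ZZ", "authenticated": False, "prior_orders": 0},
    {"code": "WELCOME20", "account": "c1", "device": "dev-C", "country": "ZZ", "authenticated": True,  "prior_orders": 7},
    {"code": "WELCOME20", "account": "d1", "device": "dev-D", "country": "CA", "authenticated": False, "prior_orders": 0},
]

EXPECTED_COUNTRIES = {"US", "CA"}  # assumed markets where the promotion runs
MAX_ACCOUNTS_PER_DEVICE = 2        # assumed tolerance, e.g. a shared family phone


def flag_promo_abuse(events, expected=EXPECTED_COUNTRIES, max_accounts=MAX_ACCOUNTS_PER_DEVICE):
    """Return {account: sorted list of abuse signals} for flagged accounts only."""
    # First pass: which distinct accounts redeemed each code on each device.
    accounts_on = defaultdict(set)
    for e in events:
        accounts_on[(e["code"], e["device"])].add(e["account"])

    # Second pass: attach the page's three signals to each redeeming account.
    flags = defaultdict(set)
    for e in events:
        if len(accounts_on[(e["code"], e["device"])]) > max_accounts:
            flags[e["account"]].add("shared_device")          # cloned/duplicate accounts
        if e["country"] not in expected:
            flags[e["account"]].add("unexpected_geo")         # obscure geography
        if not e["authenticated"] and e["prior_orders"] == 0:
            flags[e["account"]].add("unauthenticated_new_user")
    return {acct: sorted(reasons) for acct, reasons in flags.items()}


def review_queue(events, min_signals=2):
    """Accounts showing at least min_signals signals, strongest first."""
    flagged = flag_promo_abuse(events)
    hits = [a for a, reasons in flagged.items() if len(reasons) >= min_signals]
    return sorted(hits, key=lambda a: (-len(flagged[a]), a))


if __name__ == "__main__":
    for account in review_queue(REDEMPTIONS):
        print(account, flag_promo_abuse(REDEMPTIONS)[account])
```

Requiring two or more signals keeps a single returning customer abroad or a single first-time guest out of the queue while still surfacing the cluster of accounts on one device.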
Black Friday doesn't need to turn into "Black Frauday." Retailers need to be on high alert for potential scams. Even though payment-related attacks typically claim the top spot, businesses should be aware of other ways criminals can attack their systems. Businesses should have appropriate risk intelligence measures in place that include clear indications as to whether any tools and techniques associated with fraud are in use. This way problems can be quickly remediated. With so much shopping on smartphones, businesses need to pay special attention to malicious activity in both their mobile and web environments, and it's critical to understand how their apps can be exploited. If they don't, the holidays won't be the best time of the year for business. They will be the worst.
Justin Lie is the founder and CEO of SHIELD, the world’s first risk intelligence company for mobile apps.
Justin Lie is the Founder and CEO of SHIELD. With over 20 years’ experience in the industry, Justin is one of the earliest pioneers of fraud prevention technology. Whilst running a cross-border e-commerce business as a teenager, he created his own system to combat online fraudsters that were attacking his websites. Over several years of research and development, Justin successfully created the world’s first risk intelligence company for mobile apps - SHIELD.