It is not hard to see how one could fall for a phishing attack over the holidays; for example, when they receive an “Eid Mubarak” email or a seasonal discount offer. 

These phishing messages are designed to trick you into typing in your payment information, which lets crooks get your financial details faster than you can say, “What’s special for Eid lunch?”

Bottom line: Don’t click on the links or open the attachments.

Studies have observed a 30% increase in the average number of ransomware attacks over the holiday period compared to the monthly average. Ransomware and phishing attacks increase in retail.

To provide a premium online shopping experience, retailers handle more customer data, including shipping and contact information, shopping preferences, and purchase history, than ever before.

In 2022, the retail industry experienced over 600 incidents, of which 241 involved confirmed data breaches, according to Verizon’s 2022 Data Breach Investigations Report.

It is no wonder that warnings are issued during the Eid holiday season, urging businesses to stay vigilant.

“We see significant increases in traffic on shopping and e-commerce sites this season as individuals buy gifts for their friends and family. Cybercriminals know this, and as a result, we are seeing a corresponding spike in scam activity to accompany the upcoming Eid holidays,” says Sharef Hlal, Group-IB’s Head of the Digital Risk Protection Analytics Team, MEA region.

NUMBER OF CHALLENGES

In the Middle East, the festive season poses several challenges for retailers as scammers increasingly appropriate their name and likeness to create fake websites, social media pages, or advertisements, claiming to offer large discounts from major brands. 

“The scammers hope to trick users into interacting with these posts and publications, which often end with them demanding either personal information or, in some cases, bank card details from the victims,” says Hlal. “Scam activity creates reputational risks for retailers, as an individual may be discouraged from purchasing from a store if they had a bad experience.”

Meanwhile, as concerns over the credit risks of Buy Now, Pay Later (BNPL) platforms have been making headlines, there’s another threat beneath the surface: fraud.

With online sales increasing throughout the Eid long weekend, BNPL transactions are expected to surge, which will become an appealing target for fraudsters, says Saeed Ahmad, Managing Director, MENA at Callsign.

“Creating a fake BNPL account using stolen card details and identities is a growing fraud attack vector. Since consumers are not immediately billed, realizing they have been targeted may take some time,” says Ahmad. “Account takeover is another type of fraud in which a fraudster hacks into a legitimate user’s BNPL account and buys goods using an existing account.”

Retailers face increased risks because they are often held accountable for BNPL fraud. The fraudster buys an item but never pays for it, whereas retailers are held responsible for the overall user experience, fraud prevention, cost of products, and brand harm if they are linked to BNPL provider fraud.

FRAUD PREVENTION

When it comes to BNPL and other types of fraud, Phishing attacks are typically the first tool in a fraudster’s arsenal. According to experts, customers that use the same password across all their BNPL accounts are more vulnerable to fraud. 

“Consumers should use different passwords for their BNPL services to prevent ATO fraud as much as possible, be wary of responding to SMS text messages or emails appearing to be from their favorite retailers to avoid BNPL or any fraud during the Eid shopping season,” says Ahmad.

The goal of criminals is to steal customer data for financial gain. This makes it essential for retailers to find more effective ways to protect this data from theft or unauthorized access to maintain a positive brand reputation and customer trust.

Experts recommend that retailers track the internet and social media themselves or with Digital Risk Protection solutions to detect any misuse of their brand’s logo or likeness. Once such violations have been discovered, retailers should warn their users to be alert.

“We urge internet users to be vigilant when they browse the internet, especially during Eid al-Fitr. Take a handful of seconds to double-check whether the URLs of websites contained in promotional posts on social media and messengers are genuine,” says Hall.

“Do not follow links from unknown sources, especially those that claim to be offering prizes or large discounts for completing a questionnaire, which is one of the most common scams currently in the Middle East.” 

According to Ahmad, BNPL providers must increase their understanding of users’ online identities rather than relying on usernames and passwords. 

Taking a layered approach and using technology designed for digital, such as device fingerprinting, behavioral biometrics, and location analysis, all help build a complete picture of each user when opening an account, login and beyond. 

“BNPL providers can make more informed and accurate decisions during onboarding, login, and payment if they better grasp their consumers’ digital identities. Aside from preventing fraud, this can also help decrease false decline rates and create a better user experience.”