As Fraudsters Ramp Up Data Theft, Holiday Season Identity Fraud Beckons for Retailers

Increasing data breaches lead to identity theft, but it’s not the only danger lurking around the retailers in the 2018 holiday shopping season. 

holiday season

We’ve discussed before how fraud and cybercrime are two sides to the same coin. The former is fueled by the continual influx of stolen identity data onto dark web marketplaces. A large volume of this information comes from traditional data breaches. However, this is only one piece of the puzzle: there are plenty of other mechanisms for fraudsters to get their hands-on personally identifiable information (PII).

Unfortunately, recent stats indicate that phishing, fake apps and fake social media accounts are all on the rise. That could spell trouble for retailers ahead of the busy 2018 holiday shopping season.

Scams are Everywhere

Nearly 500,000 unique phishing websites were detected in the first half of 2018, according to the Anti-Phishing Working Group (APWG), a 33% increase on the previous six months.1 Many of these will be spoofed retail sites designed to trick customers into handing over their account log-ins and personal and financial information.

Many phishing scams start with an email spoofed to appear as if it came from a legitimate retailer, but some can be more elaborate. So-called “angler attacks” are becoming increasingly popular. In this set-up, cyber-criminals register fake Twitter accounts that masquerade as real customer support accounts. They then monitor the real support accounts for irate customer messages and reply to those users. These replies are booby-trapped with links to malware and phishing sites, where they’ll try to elicit more personal info from the target.

Unfortunately, there are estimated to be nearly three times as many fraudulent online social accounts then legitimate business profiles, following a five-fold spike earlier this year.2

Fake apps are another popular tactic for fraudsters. Designed, like phishing sites, to trick the user into believing they are run by a well-known retail brand, these applications are just an elaborate way to harvest customer PII, card details and account log-ins.

Here Come the Holidays

The bad news is that scams leveraging all the above tactics are likely to see an uptick as fraudsters look to cash in on the busy holiday shopping season starting in November. Fake apps have even found their way onto the official Apple App Store in the past.3 Then there’s the huge volume of breached identity data available on the dark web. According to ITRC Data Breach Report, as of early October there had been 932 data breaches in the US alone this year, spilling over 47 million records.4

What does this mean for your fraud and risk teams? It means they’ll be under more pressure than ever this holiday season to discern the legitimate from the fraudulent transactions — to minimize losses without impairing the end-customer experience.

That requires a new approach: a platform that has the flexibility to adapt as fraud evolves, ensuring that those on the frontline always have the information they need to make the right decisions. Simility is different from most other tools out there. It is a comprehensive fraud prevention solution which detects, reports and mitigates fraud in real time. By ingesting a huge variety and volume of data, before applying powerful analytics and dynamic machine learning models it enables fraud investigation teams to react quickly to changing fraud patterns, while making the complex simple through intuitive data visualization.

As part of the PayPal family, we’re here to help retailers around the world to prosper this holiday season. We want you to remember the final quarter of 2018 for driving sales and growth, not being submerged in a flash flood of fraud.

Want to learn how to make your business more profitable this holiday season? Schedule a demo now.

1.  APWG – Phishing Activity Trends Report 2018.
2. Sophisticated’ fraudulent accounts now outnumber real business accounts on social media, The Telegraph,
3. Scam alert: These apps look legit, but they will steal your money, Clark Media,
4. ITRC Data Breach Report,
Kedar Samant

Kedar Samant

Kedar Samant is a seasoned technologist and a fraud and risk management expert. Kedar co-founded Simility and crafted the vision for Simility’s disruptive approach to fraud management. He has been key in establishing Similty’s product superiority and driving innovations. Kedar brings a wealth of experience from his prior stint at Google where he built the platform for fighting fraud and abuse across Google’s products. Prior to Google, he held technology leadership positions across industries including banking and online services.
Kedar Samant