Threat actors have their day too!

According to March 2018 Internet Security Threat Report by Symantec, India ranked the world’s second-worst cybercrime-hit nation after the US, with one online crime reported every 10 minutes in 2017.

Online sales scams

A report released by global security company, McAfee, from the survey ‘A Christmas Carol – Scam Edition’ reveals around 56% of Indians have been cheated online, while shopping, and one in 4 Indians was a victim to phishing emails and phishing texts, throughout the festive season. A significant percent of 28.6 lost upto Rs.20,000 due to fake retails sites.

This indicates how online sales during the festive season has also duped significant number of consumers by taking them to ‘sketchy websites’. Other scams included, phoney apps, discount scams, fake online stores, deceptive gaming sites and more.

Thanks to its convenience of use, the digital payment mode is seeing a rapid growth in India with the increase in the Internet and mobile penetration even across small towns. Moreover, there are also these online payment platforms that have simplified transactions. However, the road blocks in the form of online frauds, scams and online security issues besides lack of awareness about the risks involved with online transactions are growing concerns among shoppers.

A statement issued by the Indian Ministry of Commerce and Industry, recently, reveals that there are nearly 14,000 cases of online shopping frauds since August 2016. As per Forrester Research India, the retail sector today accounts for over 10% of the country’s GDP. Just online retail via mobile will grow at a CAGR of 15.6% to reach US$1 trillion in 2020, up from US$539 billion in 2016.

Another report says, India generates the maximum number of spams and phishing mails among Asian countries. Infact, phishing in India is becoming innovative in the way fraudulent websites and spoofed emails are fooling recipients into revealing personal data, credit card numbers, account usernames and passwords in addition to other sensitive information.

These fraudulent marketplace sellers use renowned brands, pretending to represent them. The malicious actors can possess login details and get access to a significant of personal credentials, more so during great sales done annually by leading brands.

Yes, it is a global phenomenon. Annual events similar to Black Friday is becoming trendy and popular in India too. Smart phones and mobile wallets are fueling sales as customers explore for best deals online, but many a time become victims to phishing and cyber frauds.

What should users do?

Users should not bite the bait and become victims to fake messages, offers, discounts and fake lucky draws on WhatsApp, FaceBook messenger, Telegram, Email and other social media platforms created by fraudsters.

It is important to have a robust cyber security strategy in place, which is very critical for online retailers today. This should include tight controls on payment processes through data governance, secure cloud services and leveraging of new age technologies to strengthen cyber security.

Zscaler platform is the world’s largest security cloud, built in the cloud for the cloud. Trusted by G2000 leaders, Zscaler provides an architectured approach to secure IT transformation in which software defined policies and not networks securely connect the right user to the right app or services, thus bringing in a new approach to secure the ever changing world of IT.

The Zscaler team of cyber security experts will actively support in tracking down and blocking various malicious attacks, campaigns and tools used by threat actors. Our team diligently works round the clock to protect customers from even the most complicated and latest cyber-attacks. In addition, we caution users to protect themselves when shopping online, especially during the sale season, by regularly reviewing our security checklist:

* Change your passwords for critical and important accounts.

* Enable two-factor authentication, or “2FA”.

* Ensure HTTPS is inspected by your security solution; check for HTTPS/secure connections when visiting shopping/e-commerce/financial websites.

* Be vigilant about invoices/orders arriving in email; do not forward such attachments to anyone and be sure to follow IT protocol.

* Be vary of tracking number links in emails from shipping/courier companies, as they may direct you malicious sites.

* Do not click on any links from unrecognized senders; even if you do not follow through, the action of clicking the URL is a beacon for the attacker.

* Do not provide any credentials via Google docs; legitimate vendors do not ask for credentials via this medium.

* Avoid using public or unsecured Wi-Fi connections for shopping.

Consumers can also file complaints at the portal, consumerhelpline.gov.in. The National Consumer Helpline (NCH) has also joined forces with some companies to resolve customer complaints.

With threat actors increasing exponentially, it is very critical for online shoppers to think carefully and not get carried away in a hurry for getting the best offers by them.

-- Scott Robertson, VP, Asia Pacific & Japan, Zscaler.