In yesterday’s blog, I wrote about how easy it is even for a skilled Cybersecurity professional, with years of experience, can still fall prey to a Cyberattack. Even though I am not a skilled technician such as being a Penetration Tester or even that of a Threat Hunter, I have written enough through the years as to what to be on the lookout for when receiving for example, a Phishing E-Mail.
I also know what precautions to take to protect my financial data other forms of valuable PII.
After all, I should practice what I preach, right?? LOL. Anyways, this theme of fraud is only going to continue to get worse over time. But the problem is that there is very often a line that is blurred between Cyberattacks and Fraud. In other words, people think that both are the same thing. To a certain degree both are, but the ramifications of both are very different.
For example, with a Cyberattack, this pretty much entails just going after the IT Assets of a business, in the hopes of getting the PII of the victims. In these instances, the Cyberattacker is simply motivated by money, and thus, will sell this information on the Dark Web.
Typically, after this has been done, the Cyberattacker will then move on to their next target in just a matter of hours.
They really do not want to waste the time going after these targeted victims, rather, their main intent is then to move onto bigger and better things. After all, anything that is digital with a database is their oyster.
But with the Fraudster, their main intent is to not only capture (or somehow get this PII) this confidential information and data, but also to keep doing more damage to the victim, such as using the PII that has been captured to engage into such activities as credit card fraud, and even long term Identity Theft.
So yes, a Cyberattacker can also be a Fraudster, if they not only just steal the PII, but use that for long terms purposes as well. But keep in mind these differences as well, as I have detailed them. But also, as I have mentioned, there are seasons throughout the year in which the Cyberattacker is known to come out in full swing, and now is one of them, which is the Holiday Shopping Season.
For example, a research study conducted by iovation discovered that there has been an almost 30% increase in Online Fraud activity from this year versus the same time period exactly one year ago. But when compared to 2017, this is an increase of almost 60%.
The time frame for this study is from the very beginning of Black Friday (who knows when the official start date for this is) to the very end of Cyber Monday.
But, according to a different research study, Transunion which is entitled the “2019 Holiday Retail Fraud Survey”, nearly half (46%) of online shoppers here in the United States are afraid of becoming a victim fraud, and quite surprisingly, the Baby Boomer generation seems to be the most concerned, at an overwhelming 54%. More details on this study can be seen here at this link:
When you take both of these studies into consideration, here is an actual breakdown of legitimate shopping activity versus fraudulent activity:
Thanksgiving, Nov. 28: 16% of legitimate holiday weekend transactions; 17% of suspected fraudulent holiday weekend transactions;
Black Friday, Nov. 29: 26% of legitimate holiday weekend transactions; 25% of suspected fraudulent holiday weekend transactions;
Saturday, Nov. 30: 19% of legitimate holiday weekend transactions; 19% of suspected fraudulent holiday weekend transactions;
Sunday, Dec. 1: 17% of legitimate holiday weekend transactions; 17% of suspected fraudulent holiday weekend transactions;
Cyber Monday, Dec. 2: 22% of legitimate holiday weekend transactions; 21% of suspected fraudulent holiday weekend transactions.
It is very interesting to note, that based upon the above numbers, the ratio between legitimate shopping versus fraudulent activity is about the same; I was thinking that the latter would be much higher actually.
These studies also examined what kind of mechanism was used most for the online shopping, and to no surprise, it was the Smartphone. In fact, a total 63% of the respondents used this for their shopping.
Here is a day by day breakdown of how much the Smartphone was actually used:
64% on Thanksgiving, Nov. 28;
63% on Black Friday, Nov. 29;
67% on Saturday, Nov. 30;
66% on Sunday, Dec. 1;
57% on Cyber Monday, Dec. 2.
My Thoughts On This
These studies even went so far as to examine which cities are the most prone to Fraudulent Activity. Here is what they found:
I also find this quite interesting. One would think that the majority of Fraudulent Activity would take place in the larger cities, such as those of LA, NYC, and Chicago amongst others. These are cities I have never even heard of before. But, it only further underscores that the Cyberattacker can launch their threat vectors from literally anywhere at any time, and it is not the big fish that they are going after, rather it is the smaller targets such as the cities listed above.
As I said in yesterday’s post, the only thing you can do is to keep proactive, but most importantly, always keep a vengeance on your credit card and banking info. It is best to do this online. At the beginning of this blog, I had mentioned that the Cyberattacker now likes to come out at different times of the year.
So, when the is the next peak season for them? It is tax season, where it just around the corner. But there are many more entities at stake here, it is not just the SMBs and individuals. Included in this round is the IRS itself, accountants, other tax preparers, etc. to just name a few.
In fact, it has gotten so bad now that your tax preparer has to confirm your identity before they can e-file your tax return, and report to the IRS what documents they used to do that.
This is a crazy world now, right??? LOL.