Retailers have always been a lucrative target for cybercriminals and their phishing scams — even more so during peak shopping times. The thing is, cybercriminals always follow the money and opportunistic hackers will find ways to cash in on spikes in consumers’ spending.
During the coronavirus lockdown, for example, global payments systems provider ACI Worldwide found that online sales for retailers dramatically increased. It reported a 74% growth in average transaction volumes in March 2020, compared to the same period the year before. However, while they saw an increase in online sales, they also saw a spike in fraudulent activity and Covid-19 phishing scams.
We see a similar trend around retailers’ busiest shopping period of the year – Black Friday.
A golden opportunity for fraudsters
US shoppers spent a record $7.4bn on Black Friday in 2019, and a further $9.2bn on Cyber Monday. In the UK, Barclaycard reported that transaction value was up 16.5% in 2019, compared to Black Friday in 2018. A golden opportunity for fraudsters. When we surveyed IT decision makers at UK and US retailers, the majority told us the number of number of phishing attacks their company receives during the Black Friday weekend spikes. In fact, respondents said they receive more phishing attacks in the last three months of the year – in the lead up to the holidays – compared to the rest of the year.
Consequently, one in five IT decision makers told us that phishing poses the greatest threat to their retail organization during peak shopping times. They identified phishing as a bigger threat to their business than ransomware or Point of Sale (PoS) attacks.
Their reasons? They aren’t confident that their staff will be able to identify the scams that land in their inbox during these busier periods, namely because people are receiving more emails at this time and are more distracted. A third of IT decision makers in retail also told us that phishing emails are, simply, becoming harder to spot.
The high price of a phishing attack
The devastating consequences of falling for a phishing attack are troubling the IT leaders we surveyed. Over a third said financial damage would have the greatest impact to their business following a successful phishing attack. It’s not surprising. Today, the average cost of a phishing attack on a mid-size company is $1.6 million. For small businesses, the cost of a cyber attack stands at just over $53,000 – a devastating blow for any small retailer and one that could put them out of business.