Online Holiday Shopping Fraud: What Retailers Need to Know
Opinions expressed by Entrepreneur contributors are their own.
The last few months of the calendar are huge for any retailer. In the U.S., Black Friday, Cyber Monday and Christmas sales reached almost $937 billion combined just last year alone.
It’s also typically the time when retailers see an increase in fraud, with an 82% higher rate of daily attempts in the long weekend between Thanksgiving and Cyber Monday last year. However, experts say that retailers should brace themselves this holiday season in particular, as many factors have combined to make it an even more opportune time for fraudsters.
First, the combination of rising inflation and predictions of a recession in the next 12 months means that consumers with ever-tightening budgets are more likely to fall prey to false “deals.” Second, the latest technology such as generative AI enables fraud to be executed on a much larger scale than ever before.
Finally, crime does indeed seem to pay for fraudsters, as they are rarely held accountable for their crimes. New regulations in the U.S. are holding merchants and banks accountable for fraudulent transactions, while those behind them usually go unpunished. Generally, banks are more likely to be liable when the fraud involves an actual card, and merchants are more likely to be stuck with the cost for card-not-present transactions, when just the card’s details are needed, like online payments.
Here are four types of online fraud for which merchants should be on the lookout this holiday season.
Related: How to Transform Your Company’s Website Into a Real Money Maker This Holiday Season
1. Malicious generative AI
AI is being used to turbo-charge fraud, with tools such as WormGPT and FraudGPT now available for free on the dark web, where they are used for malicious purposes. FraudGPT can create very believable phishing scams, in addition to launching viruses and malware from websites that look like trusted retail sites but are in fact false. WormGPT can use data from chats to mimic customer support agents / trusted retail brands and thus trick consumers into giving confidential information (e.g. their credit card details), as well as create fake products on online marketplaces, generate counterfeit coupons and promotions that seem legit, and create fake online reviews.
Email security company SlashNext conducted an experiment wherein they asked WormGPT to generate an email intended to urge an unsuspecting account manager into paying a fake invoice. According to researchers, WormGPT’s email was not only remarkably persuasive but strategic and cunning, demonstrating its potential for sophisticated phishing attacks.
What can merchants do?
To defend against this latest threat, merchants should ensure that all cybersecurity training for their company, such as awareness programs, is continually updated to include the latest warning signs of fraud. These include things like language that implies urgency.
2. Website spoofing
Another type of online fraud that merchants should be aware of is website spoofing, or brand impersonation with the intent of launching phishing attempts to execute online fraud. Cybercriminals replicate a business site with an identical frontend to the original and a barely-changed domain name so that users are likely not to realize the site is fake and so to trust it with their personal data. In 2022, more than 4.7 million phishing attacks took place.
As long as the impersonated site is up, it damages the brand financially and reputationally, leading to customer churn. Memcyco’s Ran Arad refers to this critical time as the ‘window of exposure’: the time between when a counterfeit website is detected by Threat Intelligence Solutions, and its eventual takedown. In Arad’s words, “During this critical period, unsuspecting customers can be easily lured to the fake site, leading to potential monetary losses, data breaches and the exposure of personal identities. Alarmingly, many companies currently lack the insight to determine how many of their customers have fallen prey to scams during this vulnerable window.”
With the help of technology, brands can take these spoof sites down. However, the process can take too long to prevent customers being conned out of their money by fraud.
What can merchants do?
Instead, merchants should implement website fraud detection solutions that are able to identify fraud attempts in real-time. These will minimize the scope of damage and exposure of customer details as much as possible.
3. Gift card fraud
With gift card sales expected to reach $2 trillion by 2030, gift card fraud is also expected to increase — specifically around December time. Although there is an annual spike in gift card purchases in mid-December, Christmas Eve sees a staggering six to seven times more sales in gift cards.
Read More: Online Holiday Shopping Fraud: What Retailers Need to Know