E-commerce reached new heights during the pandemic as consumers interacted more with digital platforms and web apps. Then, cybercriminals stepped up their game, capitalizing on changes in digital behaviors and online shopping patterns by engaging in automated fraud attacks against online retailers.
According to the new Automated Fraud Benchmark Report: E-commerce Edition by PerimeterX, cyberattacks targeting the world’s largest online shopping websites increased in volume and sophistication throughout 2020.
The results stem from data collected anonymously from the online interactions of millions of customers, gathered by a network of automated attack sensors integrated with the web servers that host company applications and e-commerce platforms.
Analysis of the data shows considerable spikes in cyberattacks, including account takeover attacks, gift card cracking, and checkout and scraping attacks.
In September 2020, 84.71% of all login attempts were account takeover attacks. The researchers surmised that this uptick was most likely in preparation for Cyber 5 and holiday season shopping.
“Criminals are incented to try the same password and login credentials across numerous sites because consumers tend to reuse these combinations multiple times as a way to simplify their application management and avoid forgetting passwords,” the report reads.
Additional key findings include gift card hacking attempts that, unsurprisingly, covered nearly all holiday shopping periods of 2020. Significant spikes in e-gift card attacks were noted on July 4th, Memorial Day, Mother’s Day, Valentine’s Day, and Thanksgiving through Cyber Monday.
“The COVID-19 Pandemic increased the use of gift cards and fraudsters followed this trend in hopes of accessing valuable card balances either to use themselves for illicit purchases or to resell on the Dark Web,” the researchers explained. “Gift card attacks have also grown more sophisticated. The botnets that deliver these automated attacks are highly distributed: they use multiple IP addresses, multiple autonomous system numbers (ASNs) and many different devices.”
The report also shows that malicious actors preferred attacks against desktop users over attacks against mobile devices, a surprising finding given the increase in the use of mobile apps and in the number of remote workers.
“In 2020, the ratio of attacks against desktop versus mobile devices was roughly stable at one-third on mobile and two-thirds on desktop,” the PerimeterX researchers added.