Tushar Mathur (name changed), 48-year old Delhi-based creative art director, wanted to gift his wife a Louis Vuitton bag for Deepavali and decided to order it online. After seeing great ‘festive’ deals on the seemingly-genuine website — LouisVuitton.in, Mr. Mathur paid Rs 36,000 for the bag. The bag was delivered to his place as promised, only it turned out to be a cheap imitation. Mr. Mathur tried to visit the website again to complain but the website no longer existed.
Mr. Mathur is not alone. While the festive season is a boom time for online retailers and bargain hunters, cyber criminals also take advantage of this surge in online transactions.
According to cyber security solution provider Check Point Software Technologies (CPTS), every year around festive season there is a spike in the number of new domains registered that contain the word ‘Deepavali’. “This year we found a 200% increase in the number of new domains registered that contain the word ‘Deepavali’. Three per cent of these domains have been found to be malicious and another 31% are suspicious,” Harish Kumar, Head, Enterprise & Government, CPTS, India & SAARC told The Hindu.
Mr. Kumar added that threat actors come out in full gusto during festivals as customers let their guard down and tend to keep their foot up.
Likewise Amit Jaju, Sr. Managing Director for India at advisory firm Ankura, said based on the inquiries they have received and online statistics, there had been over 300% increase in cyber incidents in recent weeks leading up to Deepavali.
“Social engineering attacks’ are the most commonly deployed form of attacks,” Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock said. These attacks use psychological manipulation to trick users into making security-related mistakes such as clicking on legitimate looking emails, weblinks or social media messages. While such attacks fall under the umbrella of ‘phishing attacks’, these are more sophisticated. Attackers may pick up some information already available about consumers and then build on it to trick them into taking an action.
Mr. Chopra said the threat of cyberattacks has increased as most consumers are ready to trade information for convenience and saving money. “The lure of these things gets us into the trap… Criminals play on our psychology, whether it is fear or convenience or greed…or all of these things combined.”
“We all know about cookies… if cookies are being tracked and you have been looking to travel or buying a gift card… A threat actor can come back to you with a fake offer specifically for what you want,” Mr. Chopra said.
Mr. Jaju added that in 2021, India witnessed five major data breaches on companies ranging from pizza delivery, mobile wallets, social media giants, airline to discount brokerage. “This data is now mined to launch targeted attacks via SMS, messaging apps, phishing emails or in some cases, phone calls with the context of redeeming expiring reward points or cashback offers. All of these are meant to eventually steal credentials or OTP codes from the target,” he said.
Nitin Bhatnagar, Associate Director, PCI Security Standards Council said, “The most effective way to avoid these attacks is to keep devices used for social media browsing and general internet surfing separate from devices used for financial transactions.”
Savvy hackers misuse targeted ads on social media to lure customers into buying out of stock items such as gaming consoles or other gadgets. Clicking on these ads would lead the person to a phishing website of an e-commerce company, luring the person into sharing their credentials. In many cases, this activity takes place over a mobile phone where visually differentiating a phishing website vs a genuine one is very difficult, Mr. Jaju said.
One can avoid these traps by regularly changing passwords, deleting unwanted apps, blocking high value, international and e-commerce transactions on their cards through the Bank’s app and only enabling them temporarily when performing a transaction, he added.
“One should not click on links received on their mobile devices but visit the e-commerce app or website themselves to shop for items and follow basic digital hygiene. It is also important to stop storing card details on websites for faster checkout,” Mr. Jaju cautioned, adding that this will prevent hackers from retrieving card details in case the site gets breached.
Consumers should also be cautious on micro blogging sites to identify fake customer care and on used goods e-commerce apps. Having fraud protection and insurance from banks or third parties to cover the limit of cards is also crucial.
“This whole cybercrime thing is like a cat and a mouse. No matter how hard we all try, the cyber criminal just needs to win one day and that one day they make the fortune they are after or they steal data which they are after… we have softwares, we have enterprises adopting good practices around it…but the thing which comes up to be most important is your own hygiene factors,” stressed Mr. Chopra.