McAfee’s 12 Scams of the Holidays: 3 Tips for Online Retailers
Thanksgiving isn’t quite upon us yet, but holiday decorations have already hit the shelves as retailers prepare for their busiest season of the year. This year more than ever before, holiday shoppers will be going online to find the best deals, and many more will rely on tablets and mobile devices for guidance both in-store and at home. Online holiday shopping is expected to reach as much as $96 Billion this year, which means big business for both online retailers and (unfortunately) cybercriminals.
Each year, McAfee presents the “12 Scams of the Holidays” to help consumers stay one step ahead of seasonal scams, but the list offers valuable insight for merchants as well. Below are a few key takeaways to help online retailers make sure customers go home with gifts, not malware, this holiday season:
1) Grinch in Disguise: Beware Phony E-tailers!
One of the biggest draws of online shopping is the ability to shop around for the best price. As consumers jump from one site to another and scramble for last-minute gifts, there are countless opportunities for scammers to dupe them with fake websites. Phony eCommerce sites are becoming increasingly hard to differentiate from their legitimate counterparts, and they often use great deals and too-good-to-be-true prices to lure shoppers in.
Merchants can fight back against these Grinch sites in disguise by displaying a variety of Trustmarks or security badges on their websites. These living icons not only prove to consumers that you are a legitimate retailer, but also provide additional security benefits like vulnerability scanning or secure payment gateways.
Still, clever scammers can and will use fabricated trustmarks to appear legitimate, so be sure to educate your customers on how spot a fake security badge.
2) Holiday Spam and Phishing Attacks
Most savvy online shoppers know something about phishing emails, which are designed to spread malware or steal sensitive data. While some spam emails are obviously fake, many are getting tough to spot as cyber Scrooges perfect their game.
The best scammers often use real business logos and corporate email templates to trick users, and emails with subject lines pertaining to account or order inquiries also make for excellent bait. This means that merchants must take extra steps to communicate this danger to their customers and keep their brand from being successfully leveraged for a phishing attack. Here are a few tips to keep in mind:
- Order and Account Inquiries – Always direct users directly to your website when asking them to provide sensitive information. If you make it a corporate policy not to ask for personal data in emails, messages that do ask for this information will immediately stand out as suspicious. Additionally, contact information should be clearly provided on every official email communication to ensure that consumers can contact your support team if they have any issues or concerns.
- Account or Site Breach Notifications – The holidays are prime time for site breaches, and “account compromised” notifications are often used for phishing scams. In the unfortunate event of a hack, it’s important for merchants to not only alert customers via email, but also update any social accounts, corporate blogs, and/or Help Center pages with pertinent news about the situation. This will help consumers triangulate proof that there was indeed an incident.
3) Santa’s Sleigh for Malware: Malicious Mobile Apps
Smartphones are going to play a huge role in holiday commerce this year, both online and offline. Mobile users as a whole have already gone app crazy, downloading over 25 billion apps for Android devices alone, and there will be no shortage of new apps to help consumers manage gift budgets and browse hot-ticket items this season.
The bad news is that mobile platforms also present a new vector for hackers to exploit consumers. In addition to overtly malicious applications, 33% of apps surveyed by McAfee ask for more information than they need, such as access to a user’s contacts or location. Merchants with their own apps can take steps to ensure that users stay safe by sticking with official stores likes the Apple App Store, Google Play Store, or Amazon App store.
In addition, retailers with optimized mobile sites need to implement strict website security that encompasses mobile vulnerabilities, to help keep customers safe no matter how they decide to buy.
Happy Holidays: It starts with you!
While the holidays are a key sales time, online retailers have a year-round responsibility to protect their customers. Online safety can only be achieved if consumers and merchants alike take the time to educate and protect themselves, which will in turn boost trust in eCommerce as a whole.
By watching the news, being transparent, and instituting proper security, merchants can not only improve sales conversions, but also build long-lasting customer relationships. While no method of protection is foolproof, taking security into consideration by following good business practices is an important step in the fight against hackers.
Share your thoughts on this topic in the comments below, and be sure to follow us on Twitter at @McAfeeSECURE for the latest in eCommerce news and events.