Cybercrimes targeting online shoppers are most likely to come from outside the retailer’s business, according to a new report from Verizon Business.
The report, which has analysed more data breaches and phishing attacks than ever before, shows that the vast majority (84%) of data breaches in the retail industry are external and that most (99%) are financially motivated. A third of retail industry breaches (33%) involved theft of credential data. All of the compromised data was sensitive, critical information, including payment data (42%), personal data (41%) and credentials (33%).
According to the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR), System Intrusion, Social Engineering and Basic Web Application Attacks represented 77% of breaches in retail, meaning tactics like phishing and pretexting have been on the rise over the past year. In fact, phishing was present in over a third of the breaches Verizon analyzed, a spike compared to the quarter identified in last year’s report. The increase is likely due to criminals targeting a broader range of people who had to shop online when high streets were forced to close during pandemic-related lockdowns.
“The retail industry continues to be a target for financially-motivated criminals looking to cash in on the combination of payment cards and personal information this sector is known for,” said Alex Pinto, Lead Author of the DBIR. “Social tactics included pretexting and phishing, with the former commonly resulting in fraudulent money transfers. Some 54% of all breaches across the retail industry had some form of human element involved, which is a very significant number in a field as diverse as retail. We’re hoping retailers take notice of these findings and use them to help inform their defense strategies moving forward.”
The 2021 DBIR examines data breaches from across the Retail space, as well as other industries such as Finance & Insurance, Healthcare and Public Administration. For the retail industry, it analyzes 725 security incidents, 165 of them with confirmed data disclosure, based on findings collected from 83 contributors across the globe. The report sheds light on how the most common forms of cyber-attacks affected the international security landscape during the global pandemic. While financially-motivated crimes from external sources were rife across the retail industry, Healthcare breaches were most likely to be due to basic human error, Finance & Insurance firms were most at risk of misdelivery, and Public Administration companies were vulnerable to social engineering attacks.