Online shopping and e-commerce are on the rise and are here to stay even after the pandemic. However, the threat landscape is also constantly evolving with cybercriminals becoming more elusive and subtle with their scams. According to a consumer survey conducted amongst 11,200 internet users earlier this year, around 67% in APAC came across various online scams in the past 12 months, with the most common types being online shopping (21%), social media (18%) and investment (15%) scams.
Figure 1
Of those who fell victim to online shopping scams, 32% said it involved tech gadgets such as cameras while 27% said it was related to apparel. More worryingly, the survey also revealed that around 15% of respondents will continue to shop with an online retailer even if they have suffered an online breach, regardless of whether additional safeguards have been put in place.
More vigilance and cyber hygiene are needed while shopping online using mobile devices
Many respondents from ESET’s survey, especially from Indonesia (89%), Thailand (79%), India (74%) and Singapore (74%) primarily shop online using their mobiles phones instead of tablets or laptops.
Despite this, only about 23% of respondents across APAC said they use antivirus or mobile security app on their smartphone. The lack of cybersecurity measures on smartphones is worrying because they are now primarily used for online shopping and would naturally contain sensitive financial data such as credit card information.
Over the past year, malware targeting financial data on mobile devices has become increasingly common. For instance, Android banking malware saw a continued increase of 49% between May to August 2021 after rising by an incredible 158.7% in the first four months of the year.
Figure 2
The rise in e-commerce has inevitably led to more opportunities for online scammers to strike. As people continue digitalising their lives, consumers need to take care of their data as cybercriminals are using more sophisticated methods to penetrate the systems of users and steal their money. Furthermore, around 10% of respondents across APAC said they found fraudulent charges in their bank accounts, mobile wallets or mobile payment apps last year.
Consumers cannot be complacent and need to take an active role in cyber hygiene to stay protected. There are far reaching consequences if consumers do not pay close attention to possible threats.
Here are some essential tips to bear in mind when you shop online:
- If an offer seems too good to be true, it probably is.
- Cybercriminals often use great discounts to lure unsuspecting victims.
- Ensure that the shopping site or app you are using is legitimate.
- Bookmark shopping sites that have been verified and use that link for future purchases. While it is a good idea to ensure that a website that you are shopping on uses encryption (HTTPS), do note that even malicious phishing sites can now show a padlock icon and https, which could mislead people into thinking it is a legitimate site.
- Always download mobile shopping apps from the official app store.
- Refrain from using public Wi-Fi when making purchases.
- Cyberattackers can exploit inconsistent or lax public Wi-Fi security to infiltrate a poorly secured network to monitor the victims’ traffic and redirect them to fraudulent login pages. Another threat is posed by “evil twin” attacks, wherein the attacker creates a malicious Wi-Fi network that carries a similar name to the public network to dupe victims into providing direct access to the devices and sensitive data.
- Check your card or bank statements regularly for unauthorised transactions.
- You should also look out for small amounts as cybercriminals might ‘test’ your card before placing a larger transaction. Another good idea is to enable security alerts for financial or card transactions on your account.
- Use a cybersecurity solution on your devices.
- A good cybersecurity solution such as ESET Internet Security and ESET Mobile Security for Android have a payment protection feature that is designed to protect your financial data during online transactions.
- Enable multi-factor authentication (MFA) on your most important online accounts.
- MFA is an authentication method that requires the user to provide two or more verification factors to gain access and helps add an additional layer of security.
- Do not share or divulge your PIN codes or online banking passwords when making a payment online.
- Your PIN should only be used at ATMs and physical, point-of-sale terminals, such as supermarket check-outs.