Ecommerce is getting extra attention from cybercriminals catalyzed by COVID pandemic

The COVID-19 pandemic has given opportunities for online criminals targeting e-retailers and their customers. As ecommerce traffic and purchases surged after governments around the world imposed stay-at-home directives, total monthly online fraud attempts rose and the scammers made online retailing their top target.

During the 104 days from Dec. 30, 2019, through April 12, 2020, the total monthly volume of malicious online activity—such as “phishing” emails and domain spoofing—worldwide grew 33%, according to a study from cybersecurity company Mimecast Ltd. Retailers were hit harder than any other sector by malware and domain spoofing and were a close second to manufacturers in total detections, Mimecast says. Worldwide, malicious activity detections for the retail/wholesale sector were 498,521 for the period examined, compared with 501,708 for manufacturers. In the U.S., those numbers were 231,791 and 262,470, respectively, the company reports. Mimecast compiled the data from examining what it detected from the more than 36,000 organizations using its services. 

It’s unusual for online criminals to focus so heavily on the retail/wholesale sector outside the holiday season, says Carl Wearn, head of risk and resilience for e-crime and cyber investigation at Mimecast. Generally, sectors like banking and professional services get the most attention. 

But when stores closed due to the widespread stay-at-home directives, consumers went online and made record online purchases of things like food and household essentials. Overall, U.S. online sales increased 49% in April over the prior year, according to Adobe Analytics.

All that coronavirus related traffic suddenly made online retailers a very appealing target, Wearn says.

“Criminals are opportunists, they go after the biggest opportunity,” Wearn says. And for the crooks, he says, finding and executing internet scams is a full-time job. 

Criminals were attracted to people working from home

In addition to the increased traffic to retail websites, a critical factor attracting criminals was the increase in stress, compounded by millions of people either unemployed or working from home, Wearn says. The result was a surge in “phishing” emails—those that try to attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity. Domain-spoofing is also on the rise. The number of blocked malicious domains were generally 500 or less in January 2020 and grew to almost 4,500 per day on several days in mid-March. Mimecast’s blocking activity blocked more than 115,000 spoofed domains during the period analyzed, more than half of which were COVID-19-related. 

Domain spoofing occurs when a scammer appears to use a company’s domain name to impersonate the company or one of its employees. Criminals do this by mimicking a company’s logos and design elements in emails and websites. Spoof emails contain links to domain names intended to seem legitimate. Scammers set up the sites with prompts to enter sensitive data, such as credit card numbers.

During the pandemic, criminals turned to imitate major retail brand websites, such as the ecommerce site Walmart Inc. (No. 3 in the 2020 Digital Commerce 360 Top 1000) and Costco Wholesale Corp. (No. 16), Mimecast found. The goal: Steal from unsuspecting buyers as they seek to buy essentials online, Wearn says.

During the period Mimecast examined, the company says its software detected a 55.8% increase in blocked clicks to malicious URLs by Mimecast software and a 35.2% increase in malware detection. Impersonation detections grew by 20.3% and spam email messages increased 26.3%.