Online shoppers can expect fraudsters to be at the height of their creativity during the 2016 holiday season.
The payments industry has been bracing for a fraud spike during this year's
In the same way criminals set up fake apps to take advantage of those during the
"It's not a man-in-the-middle attack, where the hacker gets between the victim and the bank or retailer," Damri said. "In this attack, the fraudster acts like a reseller."
To do that, criminals create look-alike websites, or those that appear to be legitimate stores. Everything on the site appears similar to what you would see on a regular retailer site, except the product prices are lower — as a bait for their traps.
"Fraudsters invest in search engine optimization to show up in relevant search terms, and they buy ads on Google or Facebook, and they leave links to their sites on forums, review sites and comments in articles," Damri added.
As a transaction registration takes hold, fraudsters are being given up-to-date payment data enabling them to "go to town with someone else's account," Damri said.
Fake mobile apps will be more common, possibly even in Apple's App Store, which has a reputation as a relatively safe space for consumers because of Apple's strict vetting process.
"The criminals capitalize on this sense of security, of course, which made it more likely that consumers wouldn't look too carefully at whether the app they were downloading was Overstock or 'Overstock Inc.,'" Damri said.
The tactic echoes older Web-based crimes wherein fraudsters would purchase domain names that were similar to legit companies (such as "paypa1.com" with the
As a guide for merchants, Forter developed a "fraudster wish list" for the 2016 holiday shopping season, citing the stolen products scammers are most likely to sell at a low price or post on a totally fake site as a ruse to obtain payment card information. This list includes designer watches and handbags, Apple computers and Android phones, as well as digital goods and virtual gift cards.
Tel Aviv-based
