India’s online festive sales are a happy hunting ground for cybercriminals


Don’t let the online shopping mania blind you to a lurking threat: cyberattacks.

Both Amazon’s Great Indian Festive sale and Flipkart’s Big Billion Days (BBD) began earlier this week, latching on to the biggest shopping season in the country. The hyper-sales period is expected to draw 20 million online shoppers, a 54% jump from last year. Since Flipkart’s BBD was first introduced back in 2014, the scale of India’s online economy itself has snowballed from $4.5 billion to $25 billion, according to market research firm RedSeer Consultancy.

However, it’s not just the shoppers, e-commerce firms, and banks who are keen on this seasonal euphoria.

“A peak season for sales is obviously also a peak hunting season for criminals,” said Shrenik Bhayani, general manager at security solutions provider Kaspersky Lab (South Asia).

Multiple experts Quartz spoke with confirmed fears of a spike in financial phishing attacks in India between September and December.

What could go wrong, dear?

India is already a hotbed of online crime, with one reported every 10 minutes in 2017—up from one every 12 minutes in 2016.

It’s ranked the world’s second-worst cybercrime-hit country after the US, according to the March 2018 Internet Security Threat Report by Symantec.

And there are any number of ways to get exposed to cyberattacks in India.

Criminals can create a fake webpage of a famous payment system, copy legitimate online retail sites, or even create fully fake e-shops with attractive offerings. Users can also be hacked when visiting an illegal website, where malicious software gets downloaded onto their devices.

“The consumer may not notice an additional charge and the credit card processor will have a harder time flagging unusual activity in a time of the year when there is a spike in activity and, thus, by definition, the patterns are ‘unusual,’” said Aviram Jenik, CEO of cybersecurity firm Beyond Security. “On top of it, during bank holidays and office closures, credit card transactions are saved but not synchronised, which means a thief has a head start to make a getaway before the attack is noticed.”

The e-commerce brands can also be the target of a distributed denial-of-service attack, or their huge databases can be breached, thereby putting the personal information of millions of shoppers at risk.

India’s not alone

Cyberattacks, especially during shopping festivals, are a global trend, as seen with the massive Target hack between Black Friday and Dec. 15 back in 2013. 

Between mid-August and mid-September this year, US-based cybersecurity software services firm Symantec blocked almost a quarter of a million instances of attempted formjacking—the use of malicious JavaScript code to steal credit card details and other personal information from payment forms on the checkout web pages of e-commerce sites.

A third of these 248,000 instances—81,000 of them—occurred in the week starting Sept. 13—double the figure from a month earlier.

Websites affected ranged from a fashion retailer in Australia to a supplier of outdoor accessories in France to a fitness retailer in Italy.

So, Indian shoppers would be well-advised to play safe.

Expert tips to stay safe

Ritesh Chopra, director, Norton by Symantec: Maintain overall hygiene. Things like making sure your passwords are strong, you change them often, you don’t share them with people, and you don’t have one password for multiple websites. When using any wifi access, check if it is safe and reliable.

Jenik of Beyond Security: Make sure the site has a valid SSL certificate (your browser will show the site as “secure”). Stay away from sites that display strange or cryptic error messages while you browse or shop—those are indications of bugs in the underlying programming code of the site which typically indicate security problems, too. See if the site has a “security seal” that displays the fact that regular security checks are done by a third party, and finally, do a quick Google search to see the website’s history when it comes to security.

Bhayani of Kaspersky Lab (South Asia): Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious—created to download malware to your device or to lead to phishing web pages aimed at harvesting user credentials.

Ryan Johnson, senior manager, international public policy, Access Partnerships: Whether offline or online, the old adage applies: If it sounds too good to be true, it probably is. So shoppers should think critically and not get swept up in the rush for deals.