Retail fraud up 700 percent for the holiday shopping season

As we enter the busiest period of the year for retail sales, there's less than cheery news that scraping, loyalty card fraud and payment card fraud have increased by a collective average of over 700 percent as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.

A new report from Cequence Security finds threat actors are evolving their tactics, opting for a more nuanced approach that spreads attacks across a broader timeframe to blend in with legitimate traffic and evade detection ahead of peak holiday shopping times.

"The 2023 holiday season exposed a chilling reality: cybercriminals are employing increasingly sophisticated attack methods and meticulously planning months in advance to exploit vulnerabilities,” says William Glazier, director of threat research at Cequence. "This long-term approach allows them to target unprepared retailers and unsuspecting customers, particularly during peak shopping periods. This shift underscores the urgent need for heightened vigilance and proactive security measures throughout the year."

In the second half of 2023, gift card fraud increased by 110 percent, while account takeovers are up 410 times. There's also been a surge in numbers of products added to carts via automated tooling to flood systems, purchase as many in-demand items as possible and effectively corner the market.

Cequence detected malicious traffic from 719 million unique IP addresses and 325 million malicious login attempts from June to November 2023, highlighting the scale of today’s threats.

"To combat sophisticated threats targeting APIs, today’s organizations must fortify their defenses with a holistic security approach that safeguards their APIs throughout their entire lifecycle," Glazier adds. "This includes discovering and cataloging all APIs, ensuring rigorous adherence to industry standards, and deploying advanced threat detection and mitigation tools to defend against attacks."

The full report is available from the Cequence site.

Image credit: AntonioGuillemF/depositphotos.com