In the UAE specifically, the rise in e-commerce is primarily driven by mobile-first habits and one of the world’s highest smartphone penetration rates. Given increases in mobile shopping throughout the UAE and wider Gulf region, cybercriminal networks are increasing operations and targeting consumers by, for example, sending phishing emails or text messages advertising deals that are actually scams tricking consumers into revealing financial data or permitting malware installation on their devices. Consumers are also increasingly exploited through fake shipping invoices, customer surveys, or other misleading communications. Additionally, cybercriminals increasingly call individuals directly and request personal information to verify a nonexistent order.
To steer clear of data theft and other cybercriminal attacks, customers should always remain wary of unexpected emails, keep track of their online orders and purchase histories, and never divulge personal information to unverified parties. Simple other steps, such as checking for the padlock icon in the address bar when shopping online, are equally valuable to maintain good online cyber hygiene as the icon indicates that data sent to the website, including payment card information, is protected in transit, thus minimizing the risk of interception or loss.
When it comes to retailers, physical point-of-sale (POS) terminals, poorly maintained websites, and unsecured e-commerce platforms are all perennial weak spots. All three are lucrative entry points for cybercriminals, who are not only after financial data but also customer information including purchasing habits or personally identifiable information such as payment card numbers, which can be sold on Dark Web forums. Third party suppliers also pose a risk given that retailers often have poor visibility into their security practices. For example, if a security-hardened retailer works with a third-party supplier with poor security hygiene, attackers can gain access to the retailer by targeting and infiltrating the supplier. Since the supplier enjoys trusted access to the retailer, attackers can exploit that trust – leaving even cyber-secure retailers vulnerable.