Security Threats Loom in Your Cart: Malicious Activity From Online Shopping in the Enterprise

January 26, 2021

Over the 2020 holiday season, shoppers ditched the storefronts and took their business to online retailers — a trend that is likely to continue throughout this year. Amazon, one of the leading e-commerce organizations, is expected to achieve 51% of all U.S. e-commerce sales in 2021 — a 16% increase since 2016. Further, the number of digital shoppers climbed from 1.32 billion in 2014 to 2.05 billion in 2020, a steady increase only heightened by the global pandemic that moved shopping, along with working, indoors. As the prevalence of remote working and shopping continues into 2021, companies should now assume their employees may use corporate devices for personal online purchases — all while away from the security of in-office network protections.

Cybercriminals are aware of both the widespread adoption of e-commerce and the growing population of remote workers, and they are leveraging the current situation to trick users and make a profit. In one major instance, the U.S. saw a 427% increase in shipping-related phishing emails between October and November 2020. Enterprises should expect their employees to receive targeted phishing emails of this nature, with malicious files and attachments disguised as online shopping and shipping messages used to infiltrate corporate networks.

Recent examples of online shopping scams – and what this means for enterprises 

Cybercriminals typically impersonate popular and trusted vendors to take advantage of individuals. Researchers at Votiro witnessed this earlier in 2020 when they discovered a malicious macro deploying a Dridex trojan payload that hid within Microsoft Excel spreadsheets delivered via phishing emails appearing to be from UPS, FedEx, and DHL. The phishing emails appeared to legitimately come from these shipping companies and prompted recipients to view and pay their invoices related to recent orders. 
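A defender can triage for the pattern described above (a shipping-brand sender name paired with a macro-bearing Excel attachment) before a message reaches the user. The following is an added example, not Votiro's code and not a description of how its product works; the function names, the brand-to-domain mapping and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brand -> sender domain; domains are assumptions for illustration, not from the article.
BRAND_DOMAINS = {"ups": "ups.com", "fedex": "fedex.com", "dhl": "dhl.com"}

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML workbook (a ZIP container) carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not OOXML (e.g. legacy .xls); that needs an OLE parser

def brand_mismatch(from_header: str) -> bool:
    """True if the display name claims a shipping brand but the domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return any(brand in name.lower().split()
               and not (domain == legit or domain.endswith("." + legit))
               for brand, legit in BRAND_DOMAINS.items())

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if brand_mismatch(str(msg["From"])):
        findings.append("sender-brand-mismatch")
    for part in msg.iter_attachments():
        if has_vba_project(part.get_payload(decode=True) or b""):
            findings.append(f"macro-attachment:{part.get_filename()}")
    return findings

def build_sample(from_header: str, with_macro: bool) -> bytes:
    """Constructed test message; the 'workbook' is a minimal ZIP, not a real spreadsheet."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = from_header, "user@corp.example", "Your invoice"
    msg.set_content("Please view and pay the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="invoice.xlsm")
    return msg.as_bytes()
```

The macro check inspects the file's contents rather than its extension, so a macro-enabled workbook renamed to `.xlsx` is still flagged; legacy binary `.xls` files are not covered by this ZIP-based check.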

Hackers send phishing emails directly to shoppers 

Hackers are banking on the fact that people are spending less time visiting storefronts and focusing on online retailers as a result of the COVID-19 pandemic. In some instances, security incidents associated with e-commerce can also damage the companies at which impacted online shoppers are employed. Some employees have online shopping accounts tied to their corporate email address and use the same passwords. Other times, employees receive emails with file attachments that are disguised as receipts or shipping invoices. If a recipient engages with the malicious contents on their corporate devices, malware can be deployed not just to an individual machine but also to company servers, which enables threat actors to harvest log-in credentials, compromise sensitive data, or continue to move laterally throughout the network and access additional networks, systems and databases.

Hackers go after retailers’ third-party vendors

Many online retailers leverage third-party vendors to enhance the user experience and to increase the efficiency of online shopping. In a recent instance, TSYS, a North American payment card processing company, was the victim of a Ryuk ransomware attack. The business unit of TSYS that was affected was Cayan, which focuses on payments made through mobile devices and e-commerce. The company disclosed that even though credit card information was not compromised, loads of administrative data was stolen and posted online. It is highly likely that these cybercriminals have access to a list of email addresses of those who made recent purchases, and could hypothetically leverage these addresses to conduct further phishing attacks.

Votiro Can Prevent Online Shopping Security Incidents from Affecting Corporate Servers

Executives can continue to urge their employees to refrain from opening attachments from suspicious email addresses and to avoid links for external pages, but the sophistication of these phishing scams is increasing and becoming less detectable by the human eye. At the same time, it is nearly impossible for security professionals to prevent their employees from using their corporate devices for personal use. In the absence of effective protection from training or monitoring devices, enterprise security teams need solutions that work in the real world. 

At a time when the email channel is vital for business operations, Votiro is able to secure 100% of emails with its Positive Selection™ technology. Votiro’s Secure File Gateway for Email solution singles out only the elements of emails known to be fully secure, guaranteeing that files entering the email channel, including email files themselves, are 100% safe. Votiro protects the entire email channel from malicious threats without blocking or quarantining files and having to wait for IT middle-men to unblock access. With Votiro, files simply don’t pose a threat to your business anymore.