As Middle East enters one of the busiest shopping periods of the year, both online and offline customers are at the risk of losing money and theft of their personal credit card details at the hand of cyber criminals, caution experts.
“Gulf-based retailers and their infrastructure are increasingly being targeted with advanced malware variants to intercept payment, card data and communications,” said Jay Townsend, a principal at consultancy firm Booz Allen Hamilton.
Poorly maintained websites and unsecured e-commerce platforms in Middle East this festive season are luring cyber criminals who are also targeting computers throughout the Middle East to hack into cryptocurrencies infrastructure, the global management consultancy said.
Hacking group Magecart targeted more than 800 e-commerce sites between February 2017 and June 2018, according to cybersecurity firm RiskIQ. It stole confidential information from nearly 400,000 transactions and main victims included online site Ticketmaster UK and British Airways.In the UAE, the second-biggest Arab economy, where online market research Statista estimates e-commerce market to reach almost $10 billion by 2018-end, is one of the main targets of cyber criminals.
WhatsApp messages are the latest in a string of phone scams to hit the UAE, which has nearly 99 per cent smartphone penetration. In October, many residents reported receiving a series of fraudulent calls from Antarctica, the tiny Pacific island of Nauru and Luxembourg.
The UAE Central Bank last week issued a warning to the public to be wary of fraudulent WhatsApp messages. The regulator, which manages the currency, monetary policy and banking regulations in the country, said the messages include a hyperlink that could expose the receiver to a malicious website.
In the past, the UAE Banks Federation has also run cyber-security sharing programmes among its member banks to help prevent crimes perpetrated online against lenders.
It is imperative that retailers and customers alike take precautionary measures to safeguard against the online frauds which could result in the massive financial and reputation losses, Booz Allen Hamilton noted.
During the holiday shopping season cyber criminals will try and execute fraudulent transactions with all the information they have illegally acquired over the past 12 months, Angel Grant, director, identity and fraud & risk intelligence at network security company RSA, said.
Online payment fraud losses from e-commerce, airline ticketing, money transfer and banking services will reach $48 billion by 2023, up from $22bn in losses projected for 2018, Hampshire-headquartered Jupniper Research, said in its latest report.
According to a poll of UAE residents by global payments company Visa, 66 per cent of shoppers are now happy to buy online. The figure for UAE nationals buying online is as high as 81 per cent while 70 per cent of people are at ease paying utility or government bills through digital platforms.
"UAE is home to one of the most advanced and tech-savvy generations, who prefers to buy online. Looking at the grey area, this trend also gives bad boys enough space to try their tactics," David Weston, Microsoft's 's 'hacker-in-chief' and creator of Windows Red Team, told The National.
In order to avoid any cyber fraud attempt, Mr Weston advises to switch to the latest operating system and to stop using passwords as quickly as possible, particularly for finance related accounts.
“Cybercriminals are targeting money through compromising the users’ identity – his username and password. So, get on the next level of security using fingertips or facial recognition as you buy this shopping season,” he added.
Dubai, the commercial and business hub of the GCC, is opening the 39-day Dubai Shopping Festival Wednesday and the organisers are expecting huge footfall of local, regional and international buyers.
This year has also seen a surge in formjacking frauds – where cyber criminals use malicious code to steal credit card details from payment forms on the checkout web pages of e-commerce sites. California-based cybersecurity firm Symantec has blocked nearly 700,000 formjacking attempts globally from mid-September to mid-November this year alone.
“Internal surveillance and monitoring will be a standard contingency measure in the years ahead,” said Sevi Tufekci, director of sales engineering - emerging markets – Europe, Middle East and Asia at Citrix, a Santa Clara-headquartered data security firm.
Supply chain will be the weakest link for a significant number of organisations, said Ms Tufekci, adding that "more you monitor, the more likely you are to spot a potential problem in its early stages".