Cybercriminals used a ranged of techniques to scam online shoppers during the heights of the pandemic according to Verizon’s Data Breach Investigations Report.
The report showed that while the vast majority of data breaches in retail are still external, criminals took advantage of the increase in online payments and orders while bricks-and-mortar retail was closed.
According to Verizon, most cybercrime involving online shoppers is most likely to come from outside a retailer’s businesses.
The data showed that out of a sample of 725 breaches that 84 per cent in the retail industry are external and of those, 99 per cent are financially motivated.
The report also discovered that 33 per cent of retail industry data breaches involved theft of credential data, all of which consisted of sensitive critical information which included payment (42 per cent) and personal details (41 per cent).
According to the study, system intrusion, social engineering and basic web application attacks represented 77 per cent of breaches in retail.
This indicates that phishing and pretexting have been on the rise over the past year, the former being present in over a third of the breaches analysed by Verizon, this figure has risen from a quarter when compared to last year’s report.
This has been attributed to criminals targeting a larger range of people who shopped online while non-essential retail was closed.
“The retail industry continues to be a target for financially-motivated criminals looking to cash in on the combination of payment cards and personal information this sector is known for,” lead author of the report Alex Pinto said.
“Social tactics included pretexting and phishing, with the former commonly resulting in fraudulent money transfers. Some 54 per cent of all breaches across the retail industry had some form of human element involved, which is a very significant number in a field as diverse as retail.
“We’re hoping retailers take notice of these findings and use them to help inform their defense strategies moving forward.”