Christmas, fashion and online shopping: the hacker is always around the corner

Security Awareness
27 December 2023
Natale e shopping online: l’hacker è sempre dietro l’angolo.

Let’s learn to recognise them and change course. Fashion is one of the sectors that is most heavily targeted by cyber crime

“I’m not giving anyone presents this year, if anything just a few little gifts.”

Let’s face it, every year, as Christmas approaches, we repeat this phrase like a mantra, more as a way of reassuring ourselves that we will not succumb to the madness of the gift rush. But then, inevitably, we cannot resist giving a gift to a child, to an elderly parent, to that relative we have not seen for years, to the hostess who is hosting us for dinner or lunch, to our colleague, and so on.

And in the end we’re also glad we gave them, those gifts. Because after all, it’s Christmas. In short, that love-hate relationship with this time of year and all its consumerist implications – and contradictions – remains alive in most of us.

What has changed is the way we choose to approach spending and shopping, at least here in the western world.

For a few years now, in fact, the queue in the shops to get your Christmas present wrapped has sharply decreased and the tendency to buy online has grown exponentially.

According to the Norton Cyber Safety Insights Report 2023, 91% of Italians responding to a survey a few months before the holidays planned to shop online. More than a third of these planned to do most of their shopping online and 39% said they would spend more than 3 hours searching the internet to pick out the best gifts.

An attitude that, as we know, has its pros and cons. Among the latter, the most daunting is the risk of being scammed.

Last year’s online scams and holiday shopping

The report shows that over the holidays last year, more than 1 in 10 Italians said they had been targeted by an online scam and 63% were impacted. Victims lost an average of €214 each and were deceived in various ways: via third-party websites (50%), social media (36%), email (28%), text messages (20%) and phone calls (12%).

Not least because the period is hectic, we are all distracted by a thousand other commitments, our shopping is rushed and there is a greater inclination to spend. After all, Christmas only happens once a year. So much so that, again according to the cited report, almost one in five adults would risk providing personal information to obtain their chosen gift; they 16% would click on a social media ad or email claiming to have the object of desire and 10% would spend up to 50 euros more than the market value.

This is a perfect scenario for hackers, who target precisely these periods to deliver their biggest blows. The influx of marketing messages in crowded inboxes and customer requests provide a perfect opportunity for hackers and cybercriminals to exploit vulnerabilities in the entire system, from businesses to customers.

An S-RM report cited in a recent BoF article indicates an 11% increase in the average cost of an incident in 2023 compared to last year, a figure of about $1.7 million. Any brand or retailer that manages large customer databases and sensitive information becomes a very attractive target.

The tactics most often used by criminals include: sending phishing emails; sending messages via mobile with malicious links disguised as the names of retailers, e-commerce companies or manufacturers; offers that are too good to be true with fake ads accessible by clicking on the link; requesting login details for websites that appear to be legitimate; simulated messages or emails from delivery services, with links that appear to be genuine and offer order tracking; advertising unmissable products that are only available on one website and for a limited period.

In general, the advice, especially for online shoppers, is always the same:

Pay attention to the names written in website domains

When creating fake domains similar to the original web page, hackers often introduce typos and misspellings, often even in the domain name. In this case, we can immediately notice the scam.

Rely only on e-commerce sites that use HTTPS

It is important to verify that the web address in question, the one where we choose to buy, uses the HTTPS protocol, which offers greater security guarantees thanks to the encryption of the data exchanged with the server that hosts the site. It is a good rule to be wary of those who sell online without using this standard.

Watch out for little-known e-commerce sites

During the Christmas holidays, fake websites attract consumers with fake offers. The goal is to convince the customer to buy with lower prices. Once the payment has been made, however, the goods will never arrive at the buyer’s home. So before you pay, you’d better check that that site actually exists and is tried and tested.

Too good to be true

When an offer is too tempting, it is good practice to be wary. Very low prices are often a lever used to attract attention and hide a scam that will result in us losing money, data and valuable time. So, in the end, that illusory saving will be largely outweighed by losses.

Never shop online using public Wi-Fi

Networks are often unprotected and can be easily breached, putting the personal information of those who use them at risk.

Therefore, it is always better to avoid using public Wi-Fi networks for sensitive activities, such as online banking or shopping. It’s better to use a virtual private network (VPN) to encrypt your Internet connection.

Don’t spread your email address around for nothing

Beware of sites that invite you to sign up to receive a newsletter or targeted promotions. In this case, the purpose is to get our email address and then use it to feed spam campaigns or to send us malware.

Protect your browser

Malicious ads are one of the main risks for internet users. For this reason, before starting to buy online, it is better to install an adblocker, to avoid displaying infected ads that, if clicked, will install a virus on the device. It is also important to update your browser frequently.

Using a web filter

There are several filters for websites online. This is a continuously updated list of various malicious portals. If we accidentally click on one of these websites, the computer warns us and prevents us from entering. Installing a filter on our PC is very simple and inexpensive. Before we start shopping for Christmas, let’s bear it in mind.

A password manager is always better

The password is the first door the hacker encounters. They may find it difficult to crack or wide open, depending on how careful we are about using strong passwords. Therefore, always using the same password, perhaps with our name and date of birth, is strongly discouraged but, at the same time, creating and remembering long and always different passwords is not easy. For this reason, the use of a password manageris recommended.

Watch out for mobile apps

There is a lot of debate around, for example, the cheap shopping apps that have become popular lately, such as Temu and Shein. The advice is to buy exclusively on official sites and only via PC, where you have installed antivirus systems that can recognise false phishing portals.

Social engineering

Let’s remember that hackers are geniuses of social engineering and that they bend over backwards to carry out their scams. Especially in busy periods such as the holidays.


The fashion industry

Among the most popular sectors during the Christmas period is fashion, which is also very popular on the web, and for which the scams have become increasingly dangerous.

Direct-to-consumer brands and multi-brand retailers store huge amounts of personal data, including purchase history, shopping behaviour, body scans and size information, but also phone numbers, addresses, tax and personal data. The theft of this information would have catastrophic consequences for both customers and brands; a cyber-attack would lead not only to the loss of this sensitive data but to a veritable collapse of consumer trust. The most vulnerable are small businesses, so much so that according to The Interline, 60% of them risk closure within six months after a cyber attack. Particularly risky operations are limited-edition launches that createhigh demand, giving priority to loyal, long-standing customers who carry an interesting treasure trove of data that is very tempting to hackers.

Fashion brands and retailers are vulnerable to several types of attack, including eCommerce backends, supplier collaboration tools and IoT devices in shops.

In addition, fashion managers are not always well versed in this type of problem, and it may happen that they do not approach it with the necessary awareness, thinking that once the classic and generic anti-hacker measures have been set up, the business is definitively protected and secure. The scarcity of workers with adequate skills in this field, then, contributes to the increase in risk.

Major data breaches in recent years have not only resulted in significant financial losses, but also irreparable damage to consumer trust, resulting in a decline in sales and long-term customer relationships.

Cyber-security requires prepared, always-active personnel to run regular tests, attack simulations and penetration tests to keep up with hackers’ increasingly advanced tactics. True, all this has a cost, but these days it must be budgeted for by the company. Economising in terms of security and cyber security training can be very costly in terms of both money and image.

Related Articles

Clusit 2024 report: data of concern

Clusit 2024 report: data of concern

Manufacturing targeted in Italy but attacks on health care grow 83% over first half of 2023.The centrality of the human factor. From the cyber front comes no good news. On the contrary, the war (because this is what it is all about) is more heated than ever and the...

read more