Consumers: Less Trusting, Willing to Overlook Security Flaws for Cyber Monday

Many consumers will remain loyal to their favorite shopping sites even that brand suffered a breach in the past but only if there sweet enough Cyber Monday deal on the table.

The second-annual Cyber Monday Survey study by Seattle-based DomainTools, which provides a proprietary threat intelligence and investigation platform, revealed 62% of consumers willing to shop a hacked brand. However, in the absence of deep discounts, 60% said they will drop them if they think it is susceptible to a breach or has been previously caught in the crosshairs of a scam.

As consumers prepare for holiday shopping, 70% of respondents indicated they had plans to shop Cyber Monday and 60% intended to directly visit the website of the product to find their deals, top retailers must stay ahead of cyberpredators to ensure long-term consumer trust.

According to the survey, the top three most popular sites to shop in the last six months were, Amazon (90%), Walmart/Sam’s Club (55%) and Target (39%), making them likely destinations for deals and potential attacks on Cyber Monday.

DomainTools conducted additional research into top brands in DomainTools PhishEye, which uncovered a myriad of spoofed domains such as “wal-mart.com[.]bd” and “amagzon[.]com.” With this level of activity, and web traffic spiking to 152% above the average on the morning of Cyber Monday last year, it is ever more important for retailers to be aware of spoof domains.

“This year’s respondents were clear that they are willing to overlook previous breaches in lieu of a Cyber Monday deal,” Corin Imai, senior security advisor at DomainTools, said. “As consumers continue to grow vigilant of threat vectors, retailers are being held more accountable to stay ahead of potential threats. Building intelligence around spoofed domains that may impact their brand, becomes more crucial to protecting their reputation and maintaining consumer loyalty not only on Cyber Monday, but all year round.”

Imai warned consumers should stay alert to phishing attacks and supplicated spoofs of retailer sites that take advantage of consumer behavior.

While most consumers plan to go directly to retailer websites, 22% said they also use email newsletters, which ranked as the second most used method for finding Cyber Monday deals. Email remains an effective threat vector for phishing attacks targeting holiday shoppers. When compared to last year’s findings, there was a 3% increase in respondents who have been duped by phishing scams and/or spoofed domains, jumping from 38% to 41%.

Financial institutions are not immune from the cyberdangers. “generally, we see that financial institutions are the highest targeted. they have the most sensitive data and it makes them more susceptible,” Imai noted.  “we monitor a fair amount of financial institutions.”

The survey also found consumers, though increasingly informed, not fully understanding the seriousness of the threat landscape, as demonstrated by findings including:

• Ninety percent of respondents said they are aware cybercriminals spoof retailer websites and email domains.
• Still, 54% stated that they have fallen victim to scams.
• Despite awareness, respondents were split in response to the statement, “I don’t really think about breaches when I shop online,” with 49% agreeing and 51% disagreeing with it.
• Among respondents that had a previous encounter with a scam, 90% have changed their behavior, which is a 3% improvement from last year’s survey findings.
• Respondents are now taking certain precautions, which included paying closer attention to URLs and email senders to ensure emails are coming from the actual retailer (61%), checking the email domain to make sure it matches the brand they shop (78%), and directly visiting the retailer’s site vs. clicking through from emails or on social media (54%).

DomainTools Tips:

1. Be confident. If you aren’t 100% sure a link to your favorite retailer came from them, then don’t click. Instead, navigate directly to a company’s website rather than clicking on links sent via email or social media.
2. Be cool and collected. On Cyber Monday especially, phishers rely on high-pressure tactics (“shop now!” or “sale ends soon!”) to lure shoppers in.
3. Be critical. Watch out for typos and look alike characters, and exercise caution about any links that come via email, SMS, or ads. Assume links are dangerous until decided otherwise.
4. Be paranoid. If a deal seems too good to be true, it usually is.

DomainTools offers several protection tools including PhishEye Monitor the Internet that enables organizations to identify existing and new domains that spoof legitimate brand and organization names; and Iris Investigation Platform Map, a proprietary threat intelligence and investigation platform.

The survey was conducted in October 2018 among U.S. consumers. The full results are available by request.