The online – and high street – retailer Amazon has reportedly issued warnings to its customers over two prevalent scams.
It’s prompted comment, such as from Amal Ahmed, Director of Global Financial Services and EMEA Marketing at Signifyd: “It’s increasingly obvious that the summer months have become the new harvest season for bad actors who try to scam shoppers online, putting consumers and retailers at more risk than ever. The latest news about fraudsters targeting Amazon shoppers is timely, as shoppers, and the youngest generation of consumers in particular, have more time to spend online and fraudsters are capitalising on this.
“Retailers have a core responsibility to protect shoppers, but they are facing a balancing act of making the shopper experience as frictionless as possible while providing the highest level of protection. As we continue to see attacks become more aggressive, it’s important that retailers are partnering with fraud prevention providers and that consumers feel protected to browse the online aisles. Shopper protection is key for retailers to combat cyber crime and build trust and loyalty with their customers.”
The August print edition of Professional Security Magazine features what Amazon has to say about and what it’s doing about scammers. For one thing, if scammers misuse the Amazon, or any corporate brand, that may reflect on the retailer, even though the criminals, not the corporate, have done the scam. Amazon during the two-day University of Portsmouth annual counter-fraud conference stressed besides how it’s customer-centric; if something detracts from a satisfied customer, Amazon wants to do something about it.
Ranged against that, scammers are devious and mimic respected brands, whether by posing as them or using their methods or reaching people, whether by text or email, and en masse, meaning that even if a small percentage fall victim to a scam, it remains worthwhile for the criminal.
Besides retailers – and retail banks – seeing gains in public relations from offering advice to customers to avoid fraud, security managers more generally may find a better security posture arises from offering cyber security education to staff, even though not apparently directly related to the employer. At the recent Infosecurity Europe show in London it was striking that this cropped up more than once in conference talks. One speaker raised the idea of ‘bring your whole self to work’. Whether you work in sales or research or IT, you may concentrate on your specialism and what targets you have to meet to earn a bonus; cyber or other security you may pay no attention to, or only lip-service.
Some security managers, seeking to make non-security staff more resistant to clicking on phishing emails, are finding that staff are more motivated to learning about not being tricked by scams that they can apply in their home lives; that can inform conversations in the home, to family members potentially more vulnerable to scams, the young and old. This may suit the ambitious, or non-technical, security person; that security gets listened to, and need not be narrowly technical.
At Infosecurity Europe, the security awareness platform KnowBe4 surveyed those attending and found that few, 21pc, believed their organisation has a great security awareness programme. For 27pc of respondents, their programme was felt to be too boring or not attention-grabbing enough. Others claimed the training is outdated (22pc), too general or not tailored (17pc), not user-friendly (17pc) and/or too slow or not issued in real-time (15pc).
Javvad Malik, lead security awareness advocate at KnowBe4 said: “The lack of engaging, relevant, and frequently implemented security awareness training is concerning. Particularly in light of research suggesting that as many as 80% of cybersecurity professionals have observed users performing risky behaviours at work, including the use of gaming, gambling and adult websites, as well as downloading malicious applications.
“Security awareness training should not simply be seen as a tick-a-box exercise. Rather, organisations must recognise that their people are critical to the success, but also the potential downfall of the business. By investing in the right training programme, a strong security culture can be nurtured and could save the company significant costs that often accompany a breach.”
Visit the Take Five website of a national campaign offering advice (to consumers and businesses) that can help prevent email, phone-based and online fraud.
Picture by Mark Rowe: gatehouse to Amazon warehouse, outside Dartford, Kent.
