Holiday shopping this year is widely taking place online, for obvious reasons. This sparked some curiosity as to whether the rate of phishing would increase proportionally with the growth rate of e-commerce.
I took a deep dive down a math tunnel to come up with some answers.
It turns out, e-commerce scams, including phishing, aren’t growing as fast as online sales because scammers are making more money per hit.
The Formula
Let’s start with some year-over-year (YoY) growth stats to set the stage and ground our assumptions.
Also, an estimated 15% of online buys are fraudulent.
While U.S. Thanksgiving typically represents the kickoff for the holiday shopping season, this year’s online purchases began a bit earlier. Even so, Adobe reported a 15.1% YoY increase in Cyber Monday shopping, with a total online sales forecast for the holiday season of $184 billion USD.
To find out the cost of fraud, we’ll take sales multiplied by the percentage of fraud.
$184B * 0.15 = $27.6B in fraud
Let’s halve that to be conservative and estimate $13.8B in fraudulent online purchases this holiday season.
However, the LexisNexis Fraud Multiplier is $3.36 per dollar lost to fraud. That means every $1 lost to fraud costs the retailer $3.36 due to restocking, staff, etc.
By our conservative estimate, that means online fraud during this holiday season will cost e-commerce retailers in excess of $46 billion, not including the continued loss through phishing.

How to Avoid Fraud and Phishing
Considering this substantial loss to e-commerce, and the impact on individuals making purchases from fake sites, here are some ways to stay protected through the holiday season.
Stolen user credentials are a key method used by attackers to initiate online fraud schemes.
- Consider the retailer before giving your credit card information. Is it a known or reputable company? How did you find the retail site?
- Double-check that shopping-related emails came from the company they claim to be. Is the email address correct? Do the website links truly belong to the company?
- Never use the same password on different websites or online services. Password managers, like the one from Trend Micro, can help manage passwords for different websites and services.
Businesses can use Trend Micro™ Cloud App Security for protection against phishing and other email threats. We also published some tips on securing e-commerce sites a few years ago. These are oldies but goodies.
Though the attacks evolve to target the latest trends of the day, the tactics remain fairly consistent each year. If businesses can secure the basics of their e-commerce operations, that’ll go a long way in minimizing the impact of fraud and scams this holiday season.