Looks like a low-key Christmas for scammers too

But don't let down your guard


Not long now until the Christmas holidays are with us again. Although pandemic-related restrictions may curtail the celebrations, retailers are expecting a spending spree, in the high street and online. Sadly, it's also become a tradition for internet criminals to target the festive period as a big opportunity. Scammers use phishing mail and fake webshops featuring popular brands' names, logos and designs to trick unsuspecting consumers out of their money.

Why the festive crime peak?

Over Christmas, scammers benefit from two factors:

  1. Volume: In the run-up to the festivities, there's a flood of new retail sites, promotions, mailshots and online offers. So scams don't stand out as much. The hectic period begins on Black Friday and ends at Christmas.

  2. Psychology: Many shoppers are looking for expensive, hard-to-find gifts, meaning they're more easily tempted by offers that might otherwise look too good to be true (e.g. branded toys €10 cheaper than in the big toyshops).

Around the world, those trends have long been recognised. In the US, the explosion of advertising linked to Black Friday represents the biggest opportunity for cybercrooks.

Fake Detector

Last year, our colleagues at SIDN Labs introduced a new tool for the detection of fake webshops, called the Fake Detector (FaDe). FaDe showed conclusively that cybercriminals are very focused on the festive period. A clear peak in malicious activity was visible, starting in November.

Figure 1: Monthly number of suspect domains flagged up by FaDe by the end of 2019. (Source: SIDN Labs)

2020: a meagre Christmas?

Against that background, we and others have been keeping a close eye on developments in 2020. And it seems that this year is following an unusual pattern. Over the last month, we've detected far fewer fake webshops than in the same period of 2019: a maximum of seventy, up to and including week 45, compared with 400 in 2019. It also looks as if retail brands are being abused less for phishing. Financial service providers, eBay, Marktplaats and Netflix are all higher in the phishing target list:

  #    Target             Total
  1    cryptocurrency     1,494
  2    ING Netherlands      343
  3    Microsoft            178
  4    other                134
  5    Rabobank             107
  6    PayPal                79
  7    RegioBank             78
  8    ABN-AMRO              74
  9    Marktplaats           70
  10   SNS Bank              58
  11   Netflix               41

Table 1: Main phishing scam targets in 2020 (source: SIDN Labs/Netcraft).

Yet the overall incidence of cybercrime for the year as a whole is up sharply. It's hard to know exactly why festive retail scams are down, but the virus-related restrictions are bound to play a role. High street shops haven't got involved in Black Friday, because large crowds are incompatible with social distancing. So there's been less online advertising to provide cover for scammers. Another factor is better fake webshop prevention. Tools such as SIDN Labs' FaDe enable rapid detection, probably making fraudulent retailing less attractive for crooks.

Don't let down your guard

Although we haven't yet seen many webshop scams this year, that doesn't mean we won't. Data from 2019 shows that domain names for retail phishing sites are often registered only just before the fake shop goes live. It may be that this year's activity peak has simply been delayed. Another possibility is that scammers have switched from fake webshops, which are detectable, to mail-based fraud, which slips more easily under the radar. We highlighted that trend back in the summer.

Rapid action is vital

To prevent brand devaluation and reputation damage, we advise continuous online monitoring of brand names, coupled with immediate intervention when issues come to light. More than three hundred brands are already protected by SIDN BrandGuard. It's now possible to scan for suspect content, logo use and other forms of abuse as well.

Want to know more? Visit https://www.sidn.nl/en/sidn-brandguard.