Phishing activity in the online retail segment stood out.
Despite being a long-established attack technique, phishing remains highly
prevalent in the context of online purchasing. From November 2024 through to
October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing
links targeting users of online stores, payment systems, and delivery services.
Of these attempts, 50.58% targeted online shoppers, 27.3% impersonated payment
systems, and 22.12% targeted users of delivery companies.
Sales seasons continue to do the work for attackers.
Seasonal peaks in online shopping consistently provide attackers with
predictable opportunities to scale user-focused attacks. Periods of heightened
promotional activity lower user vigilance and allow familiar phishing and spam
scenarios to blend into legitimate marketing traffic, increasing their overall
effectiveness.
Predictions: what retail & e-commerce cybersecurity might face in 2026
Chatbots are likely to become a common product discovery
tool across online marketplaces. Unlike traditional search, conversational
interfaces encourage users to share more detailed, natural-language requests,
revealing preferences, constraints, and contextual information. This shift
expands the privacy attack surface, as platforms accumulate richer user
profiles through chat interactions. As a result, chatbot logs may become as
sensitive as transactional data, increasing the risks of over-collection,
misuse, or exposure of personal information.
"Search itself is changing, including how people look
for products online. In 2025, there was a gradual shift from simple keyword
queries to more conversational and visual ways of finding what to buy. As these
models rely on broader user input, careful handling of the data involved will
remain an important consideration for maintaining user trust," comments Anna
Larkina, Web data and privacy analysis expert at Kaspersky.
Changes in taxes and trade rules might be exploited in
online fraud. Modifications in taxes, import duties, and cross-border trade
rules are likely to be used as lures in phishing campaigns and fraudulent
online stores, promoting unrealistically cheap offers or claims of avoided
fees. Continually evolving pricing and fee rules across markets may lower
vigilance, increasing the effectiveness of such schemes, particularly against
small and mid-sized retailers.
AI-powered shopping assistants are expected to increasingly
operate outside retail platforms, embedding themselves into browsers, mobile
apps, and third-party services. While designed to simplify navigation and price
discovery, these tools shift data collection beyond the retailer’s perimeter,
creating new and less visible privacy risks. To function effectively, external
AI shopping agents require continuous access to user behavior, including
browsing activity, search intent, location context and product interactions
across multiple sites. This enables the aggregation of detailed behavioral
profiles outside the direct control of both users and retail platforms,
increasing the risks of over-collection, opaque data usage, and unintended
exposure.
Image-based product search might become a new source of
privacy risk. Previously, the main privacy concern around user images in
e-commerce was limited to photos voluntarily shared in product reviews.
However, image-based product search is expected to make photo uploads a routine
part of the shopping experience across major retail platforms. While this
feature improves product discovery, it also increases the risk of unintended
exposure of personal data. User-submitted images may contain faces, home
environments, or sensitive details, such as names, phone numbers, or addresses
visible on shipping labels or packaging, making secure processing, data
minimization, and limited retention critical requirements for retailers. The
full KSB retail and e-commerce report is available by link.
Kaspersky experts recommend the following to keep safe:
· Guard your privacy with smart tools. Be cautious about
what you share and avoid uploading personal images or details in queries. Your
interactions help build a profile used for ads and service improvements.
· Verify senders and links. Don't trust discounts or order
notifications from emails or messages. Always double-check the sender's address
and manually type the store's website URL into your browser instead of clicking
on any links you receive.
· Research the store before buying. If you're shopping at a
new or unfamiliar online store, take a moment to check its legitimacy: look for
customer reviews, ensure the website address is spelled correctly, and confirm
that the site pages look professional and polished.
· Monitor your card transactions regularly. Fraudulent
charges can slip through unnoticed. Make it a habit (e.g., once a week) to log
into your online banking or mobile app to review all recent transactions. If
you spot anything suspicious, block your card and contact your bank
immediately.
· Adopt a proactive security approach to protect against
malware and data theft. Use reliable cybersecurity software like Kaspersky
Premium to prevent infections and scan your device regularly. If you discover
an infected app, remove it immediately and do not reinstall it until a
confirmed, clean update is released. Complement this by managing sensitive data
securely: avoid storing passwords or recovery phrases in your photo gallery or
notes; instead, use a dedicated, trusted password manager such as Kaspersky
Password Manager.
For retail & e-commerce organizations we recommend:
· Protect corporate infrastructure against a wide range of threats, including phishing and ransomware. Use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities. If a company lacks cybersecurity staff, it can adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and/or Incident Response, covering the entire incident management cycle, from threat identification to continuous protection and remediation.
By Advik Gupta
