ACFE Research Specialist

Samuel May, CFE

The growing trend of shoppers preferring pajamas and pumpkin pie to cold weather and crowds reached an all-time high in 2021 as online shopping for the holiday season soared due to the COVID-19 pandemic. In 2022, global online sales again hit a new high of $281 billion during Cyber Week (Thanksgiving Day through Cyber Monday); that figure was up 2% from the pandemic season, according to Salesforce, with Cyber Monday alone accounting for $11.3 billion in online sales, according to Adobe Analytics. Black Friday, by comparison, reached $9.12 billion in online sales and reportedly light foot traffic.

This year was also novel for how customers made their purchases: for the first time ever, most online sales were made through mobile devices. Mobile sales accounted for 44% of all sales last year but reached 51% in 2022. As for how customers made their way to their purchase, 28% of online orders originated from a paid search, 18% were from customers going directly to retail websites, 17% from clicking a link in an email, and 15% originated from an organic search. (Paid searching is defined as an organization paying for a prominent position on search result pages versus organic searching where the organization optimizes their website’s visibility to appear in search results more “naturally.”)

So, what do all these numbers mean for fraud examiners?

Scam artists typically take the path of least resistance and follow the money. Early results from Cyber Week 2022 saw average suspected digital fraud attempts increase 82% over the earlier part of the year. TransUnion analytics estimate that 15% of all global e-commerce transactions between November 24 and November 28 were potentially fraudulent. Fraud examiners should make every attempt to plan ahead and work on prevention through education. Looking toward 2023 with 2022 already in the books, a few recommendations can be made:

1.      Email scams

Virtually every cybersecurity educational resource will remind individuals to dutifully check each email they receive for telltale signs of deception and to avoid clicking included links or downloading attached documents. Even in ideal scenarios, email scams and phishing attempts still succeed from time to time. During the busiest sales days of the year, where every email inbox is bombarded with dozens and dozens of temptations, customers will be even more vulnerable. The same techniques fraudsters use to get individuals to click into a phishing scam are employed by companies wanting to boost their end-of-year figures. Last chance! Buy now! Deals you can’t afford to miss!

Cybersecurity professionals can take a bit of solace in this year’s figures. While 17% of sales came from individuals clicking through an email link, 18% took the effort of going directly to their preferred site. The message is getting through, but repetition is important. One well-crafted email scam is all it takes for a Grinch to spoil a holiday season.

2.      Text scams

Text scams are somewhat new, but they’re similar to email scams. Customers should be educated on avoiding following links in instant messages or downloading attachments or images from unknown sources. With the rise of mobile sales, companies and scam artists alike are more frequently sending out text messages to entice customers to click. This includes messages for upcoming deals, fake order messages, fake delivery messages and all manner of other communications. Customers should be advised to, once again, avoid clicking, calling or engaging with text messages and go directly to the website they ordered from to resolve any alleged issues.

3.      Fake websites

The highest percentage of online sales were driven by paid searches and/or sponsored links. Generally, these are legitimate companies that have put money toward appearing on the top of the page when particular phrases are searched. Such a large piece of the online sales pie will also inevitably attract fraudsters looking to perpetuate a larger scam; all that is required is an upfront investment to get their link to the top of the page. As with all online advertisements, customers need to be reminded to resist the initial temptation to click. While some organizations put significant effort into curating and verifying advertisements or sponsored content that appears on their website, not all of them put forth the same effort or fully succeed in filtering out bad actors. A bad ad can lead to a fake website where victims give up their credit cards or identifying information in pursuit of a good deal.

Organizations can help combat Cyber Week sales fraud by preparing for an increase in account takeovers and fake profiles. They can monitor important data trends like declined transactions and projected sales volume increases from broadcast deals in order to understand how to best protect their customers.

This holiday season is sure to set more records for fraud commensurate with the increase in sales and spending. While the customer is ultimately responsible for protecting themselves from phishing, identity theft, or any of the myriad of e-commerce scams, fraud examiners can work to anticipate increased vulnerabilities and help to educate customers and organizations. Despite our culturally agreed upon practice of ignoring our weight during these food and festival filled months, an ounce of prevention is still worth a pound of cure.