It’s the most wonderful time of the year…for ecommerce.
For many, the cooler temperatures and shorter days signal the start of holiday shopping, and the 2014 holiday season is expected to witness a 15.5% increase in ecommerce sales. Mobile transactions will constitute a third of that number generated, with the average consumer spending $248 online. For others, the increased volume of online shopping serves as a tempting target for web-based attacks in the form of malware, and consumers are the innocent participants.
Malware attacks skyrocket during the holiday season. This makes sense when you consider that more than 25% of total U.S. annual online sales are expected to occur in November and December.With more than $6.5 billion in ecommerce sales expected this year, you can bet the online ecosystem will be targeted.
Much like retailers stock the shelves, ecommerce sites load up with images, product descriptions and advertisements promoting this season’s must-have items and offering discounts in preparation to cash in on the uptick in website visitors. However, this super-sized volume also attracts those looking to make a quick buck by taking advantage of your customers and their online shopping activities. They hijack your ads or third-party content to deliver nefarious code that auto installs on your site visitor’s device. Often, due to fraudsters’ ever-increasing sophistication, these ads or images don’t even require user action. The process of simply serving the impression of an infected ad, image or product review can set the malware wheels in motion.
The Media Trust has had a front-row seat to these activities for the past few years, witnessing the doubling and sometimes tripling of attacks via web-based advertisements or “malvertising” from November through January. The attacks typically kick into high gear on the Wednesday before the U.S. Thanksgiving holiday, a time when many employees charged with supporting and maintaining your website are at home enjoying the long weekend. The staff required to keep the website operational focus only on functionality and often don’t notice the anomalous, third-party code piggybacked to their ads and third-party content.
What’s the worst that can happen? Your website and/or ads become a flashpoint for a major attack, infecting thousands of your customers or potential customers with harmful malware. Typically, the malware downloads an exploit kit onto a customer’s device and mines for system weaknesses to leverage, like passwords or access to personal bank accounts. Sometimes, the hijacked content redirects valuable customers to a fraudulent site, resulting in lost revenue. In either scenario, your customers experience a negative interaction with your brand.
The reality is that your public-facing ecommerce site, quite possibly the bread and butter of your business, can serve as a prime purveyor of malware to your customers. The only way to prevent such attacks is to monitor all ad tags and website code executing on the browser or app, including your own code and that of third parties, data management platforms, advertising re-targeters, analytic firms and sales platforms. Continuous, 24/7 monitoring ensures the detection and analysis of all unknown or anomalous ads and third-party code served to the site, and real-time detection enables ecommerce operators to quickly remove and then block the suspicious or malicious ad tag or code before any damage to site visitors or brand occurs.
Brand protection, revenue security and site performance–those are the best holiday gifts to give and receive.