- With e-commerce surging during the coronavirus pandemic, Prime Day and the 2020 holiday season may be the perfect hunting ground for online fraudsters.
- Business Insider spoke with Amazon’s former Director of Corporate Development Aaron Barfoot, who now serves as the chief financial officer of online security firm Forter.
- “Good online hygiene means paying attention and being alert,” Barfoot said.
- Visit Business Insider’s homepage for more stories.
It’s a potential nightmare for anyone who’s ever shopped online: checking your bank account or credit card statement to find that a cybercriminal has stolen your identity and run up a huge bill.
During Amazon’s two-day Prime Day sales event and the upcoming 2020 holiday season, that’s a scenario that could become reality for more shoppers than ever before. Former Amazon Director of Corporate Development Aaron Barfoot — who now serves as chief financial officer for online fraud prevention firm Forter — said that 2020 may prove to be an especially risky year for online shoppers, thanks to the surge in online purchases during the coronavirus pandemic.
Forter estimates that transactions by first-time online shoppers have spiked from between 4% to 5% last year to around 10% to 14% in 2020. The overall increase in online transactions makes it “easier for a fraudster to hide,” Barfoot said. In its annual fraud report tracking e-commerce transactions, Forter also found that fraud pertaining to “buy-online-and-pickup-in-store” orders has already increased 55% year-over-year.
“More new customers are going online for the first time,” Barfoot told Business Insider. “Once those new customers are online, they are more susceptible to fraud.”
Those looking to prey upon the influx of inexperienced e-commerce shoppers — especially elderly customers and those without the digital savvy to create strong passwords — come armed with a playbook of fraudulent moves. Hussein Ahmad, CEO of digital banking platform Oxygen, said that phishing scams “where an email purported to be from Amazon asks the recipient to disclose sensitive information like their Social Security numbers, tax IDs or bank account numbers” are particularly popular.
“Don’t give it to them,” Ahmad said in a statement sent to Business Insider. “Amazon would never ask for such sensitive data through email.”
Another tactic involves fraudsters accessing an e-commerce account and changing the password in order to lock the victim out. Forter estimates that account-focused fraud will cost consumers and vendors around $25.6 billion in 2020.
Barfoot also added that one more frequent method of attack involves criminals obtaining a victim’s credit card information online to create a new account under a new name. Fraudsters may then “test” the operation by sending an initial order to the victim’s address, before switching the shipping address.
During Barfoot’s tenure at Amazon, a fraudster once targeted him with that very same method.
“The fraudster switched my name. Instead of being Aaron Barfoot, they made me Barfoot Aaron,” Barfoot said. “They created a new account, and one day I got this package — something very cheap. I was like, ‘That’s interesting. I didn’t order this.'”
Checking through his employer, Barfoot found that a brand new account had been set up by someone who had stolen his credit card information.
“They were testing to see if this package was going to get rejected or accepted,” he said.
As a former Amazon executive, Barfoot said the company “aspires to be very customer-centric,” which means having a “diligent” response to fraud affecting vendors and shoppers alike. But as other companies delve into e-commerce sales, the main question becomes “is everyone you buy from safe?”
Barfoot shared a number of key tips for consumers looking to protect themselves from e-commerce-related fraud. They include: beefing up password strength, maintaining good online hygiene by refraining from clicking on suspicious links, frequently checking credit card balances and purchases, establishing multi-factor authentication on sites like Amazon, and setting up credit card alerts regarding online purchases.
“There’s a lot of simple things people can do that can make a big difference,” Barfoot said. “Good online hygiene means paying attention and being alert. And check your credit card. A lot of the time, those fraudsters will try a small transaction to see if it goes through. And then once they find a play that works, they’ll continue doing it over and over again.”