As the highly anticipated year-end shopping season such as 11.11 Singles’ Day, Black Friday and the holiday season draw near, Palo Alto Networks urges heightened cybersecurity vigilance.
This period sees a surge in online activities and financial transactions — from scouring for the best shopping deals to holiday travel bookings, ticket purchases, and cross-border money transfers for holiday gifts — this holiday shopping season is a prime time for cybercriminals to take advantage of the unsuspecting digital shoppers through phishing scams, fraudulent websites, and payment fraud.
The impact is evident in the losses reported between 2021 and April 2024, totalling RM3.18 billion due to online scams involving more than 95,800 victims. With online activity set to surge during the upcoming shopping season, this underscores the critical need for heightened cybersecurity awareness.
“As Malaysia’s retail and e-commerce sector continues to grow, the need for stronger cybersecurity measures has never been more critical,” said Sarene Lee, Country Manager for Palo Alto Networks Malaysia. “The best defence always starts with awareness and preparation. Retailers and businesses must take proactive steps to secure their platforms, while consumers need to stay vigilant to ensure a safe online experience.”
The rise of online shopping, digital payments and holiday planning has transformed consumer behaviour in Malaysia but has also introduced new risks. High online transaction volumes during key events like 11.11, Black Friday, and holiday travel planning create opportunities for cybercriminals. Locally, 55 per cent of consumers use QR codes, 63 per cent rely on mobile wallets, and 73 per cent engage in social commerce, increasing exposure to cyber threats.
As online transactions surge, consumers face growing risks from threats like APK attacks — malicious software targeting mobile apps—and deepfake scams. To stay safe, consumers need to be on guard about their online security, especially during peak holiday seasons.
Palo Alto Networks offers the following best practices to ensure a safe experience:
- Verify Authenticity: Double-check emails and offers before clicking on any links. Look out for misspellings, unusual domains, and suspicious attachments.
- Use Two-Factor Authentication (2FA): Enable 2FA for all accounts, especially when shopping online, to provide an extra layer of security.
- Shop Through Official Channels: Avoid unofficial or unknown websites. Stick to trusted and secure online shopping platforms.
- Beware of Phishing Scams: Be cautious of deals that seem too good to be true and fake order confirmation emails.
- Strengthen Passwords: Use strong, unique passwords for all online accounts and consider using a password manager for added security.
- Avoid Sharing Personal Information: Never provide sensitive personal details like social security numbers or banking information in response to unsolicited requests.
At the same time, businesses must strengthen their defences against cyber threats. Unit 42 by Palo Alto Networks revealed that the retail industry is among the top three in Malaysia affected by ransomware, highlighting the challenge of maintaining security without disrupting the shopping experience.
Common threats during peak periods include social engineering tactics like phishing scams, which trick employees into sharing sensitive information, and ransomware attacks, which can lock down critical systems until a ransom is paid. Additionally, Distributed Denial of Service (DDoS) attacks can overwhelm retail websites with traffic, causing potential downtime and disrupting the customer experience.
This concern is echoed by consumers locally, with other research finding that 28 per cent of Malaysians feel less secure shopping online and 30 per cent prefer businesses that implement stronger security measures, such as identity verification.
To effectively mitigate these risks, businesses should adopt a zero-trust approach that emphasizes strict verification for every user and device accessing their networks, ensuring that no implicit trust is given. By integrating comprehensive threat detection, response, and data protection into a zero-trust framework, businesses can enhance visibility, streamline security operations, and enable real-time threat responses. This approach not only safeguards sensitive data but also maintains a seamless user experience, ensuring both protection and convenience for consumers.
“This not only simplifies management and enhances efficiency but also fortifies resilience by applying a zero-trust approach, essential in defending against an expanding attack surface—especially during high-traffic shopping seasons. Ultimately, cybersecurity is a shared responsibility, and by working together, Malaysians can create a safer and more secure online environment for all,” said Lee.
Source: Palo Alto Networks (Media Note)