How Levi’s ® caught the phishing scam to protect their online shoppers

The COVID-19 pandemic transformed practically every aspect of our lives and had a strong influence on our online habits. With everyone staying at home according to local restrictions, adjusting to the virtual version of our previous daily routine became a must. Research shows that internet use increased by 70% almost instantly, which makes perfect sense considering the transition to online-everything. In the retail arena, companies experienced a dramatic surge in online sales, with some reporting a double and even triple-digit increase.

Understanding the security risk 

Sadly, the alarming circumstances surrounding the growth in online shopping comes with a price. Retailers offering their products online soon learned that in addition to shoppers, hackers were also very interested in their merchandise. Security threats have become more frequent than ever, as hackers see the opportunity in increased online activity and especially target shoppers who are relatively new to online shopping.

One prominent example is that of the Levi’s® brand, a well-known global apparel company that is considered one of the world’s leading fashion retailers. In April alone, BrandShield was able to detect no less than 429 new fraudulent domain names that used the Levi’s® name in order to mislead and scam shoppers. Hackers pretending to be associated with the brand were hoping to get a hold of shoppers’ money and personal information. Luckily for everyone involved (except for the attackers themselves), BrandShield managed to take down 90% of these phishing websites immediately and continues to monitor and manage the situation.

Security vulnerabilities can have a catastrophic impact on retailers. In addition to the revenue loss caused by misled shoppers interacting with phishing websites, companies face serious damage to their reputation. Online shoppers concerned that a specific brand will fail to protect them are likely to take their business elsewhere. With online channels becoming the main source of income during such turbulent times, the risk becomes even greater.

Taking the necessary steps to address the threat

The Levi’s® use case demonstrated the risk of website phishing and fraud, but also the steps that must be taken by companies in order to protect their shoppers and business reputation. The following six steps offer CISOs a way to proactively manage the risk:

• Monitor: Scan the digital arena to discover any suspicious or fraudulent activity which could be related to your company and brand. Examine both domain names and the content appearing on the website.
• Respond: Once a threat is discovered, respond immediately and make sure to remove the fraudulent website, as well as any related social media accounts or additional published content.
• Educate: Teach your team and customers how to spot a fake website and report suspicious activity. Point to specific content elements or uncharacteristic online behavior.
• Encourage: Remind your target audience to only purchase your products from trustworthy websites and authorized channels. If possible, list the recommended channels to make things easier.
• Manage: Map and prioritize the online threats your brand is facing using a comprehensive online threat intelligence map. Monitor and update the map on a regular basis.
• Identify: Seek and detect security vulnerabilities and weak spots related to your online channels and overall brand. Handle outdated and unsecure websites that attackers might be particularly interested in targeting.

We do not know when the threat of COVID-19 will be gone, but we know that the cybersecurity threats retailers have been dealing with for years will probably stick around long after the pandemic is over. Meanwhile, this new reality brings opportunities and risk to shoppers and brands around the world. Companies and CISOs looking to protect themselves from this fragile situation must do everything in their power to stop attackers from achieving their malicious goals.

If you’re interested in learning more about the process of detecting and taking down fraudulent websites and social media accounts, we’re here to help.   Security vulnerabilities can have a catastrophic impact on retailers. In addition to the revenue loss caused by misled shoppers interacting with phishing websites, companies face serious damage to their reputation. Online shoppers concerned that a specific brand will fail to protect them are likely to take their business elsewhere. With online channels becoming the main source of income during such turbulent times, the risk becomes even greater.