Facebook recently announced the introduction of carts to WhatsApp to streamline online purchases. While this move will reduce some online friction and make the purchasing process easier for customers, it can also introduce many security and fraud risks.
Cybercriminals are always looking for new ways to target unsuspecting customers with social engineering scams through various channels. Many times, they will entice victims to communicate “out of bounds”. For example, if a user is buying something from a website like eBay, then they need to stick to the confines of eBay for bidding, payment and disputes.
A criminal will want the victim to communicate out of bounds, thus stripping them of the protections eBay offers for their name, address, phone number and email address, as well as for payment information, which is protected by PayPal. If the criminal is successful in getting the victim to communicate outside of eBay, say through email or SMS, then they could take money or goods and not hold up their end of the bargain. Not only does this leave the victim out of pocket, but it also leaves them with no formal way of raising a complaint.
It can be tempting to go out of bounds; after all, the platform sometimes takes a commission from each sale, and you may want to avoid that. But is saving a couple of dollars really worth potentially losing a lot more to a fraudulent transaction?
The big risk with using other communication platforms for e-commerce transactions is that customers will struggle to differentiate between legitimate and fraudulent interactions. This makes it easier for criminals to impersonate brands, and because people are less aware of the nature of these attacks, they are more likely to become victims. Criminals constantly adapt to new technologies faster than people can be educated or trained, which makes their attacks more successful.
People could inadvertently send personal information via WhatsApp believing it to be a secure mechanism to communicate with customer service. Not only is it an improper channel to exchange sensitive information, but again, it could expose sensitive information such as name, address, customer reference numbers and so on to attackers.
The lines between social media, networking, and e-commerce apps continue to blur. While this can create a better experience for customers, it opens up many new avenues for fraud and social engineering attacks — so alongside technical protections, it’s important that organisations educate their customers on how to remain safe online.