News
Industry comment - Groupon hit by fraud
December 2016 by Rob Norris, director of enterprise and cyber security in EMEIA at Fujitsu
Following the news that Groupon has been hit by
fraud, Rob Norris, director of enterprise and cyber security in EMEIA at Fujitsu, comments:
"This latest example of fraud on Groupon highlights once more the cyber challenge we
are now facing. Fraudsters are always looking for gaps and grey areas within a
process or system that allows them to enact a compromise. Attackers also value data
and, as demonstrated by this incident, although Groupon was not hacked directly,
account details were compromised elsewhere. This meant fraudsters were able to
re-use these details to access the site and in-turn, make payments on behalf of
customers.
"The challenge for organisations is to spot the unusual when it is cloaked as
’legitimate’ - this is what fraud is all about. Good data analytics will help
identify unusual behaviour but the first step is understanding what ’normal’ looks
like to allow the anomalies to be spotted. Testing systems from the perspective of a
fraudster is a useful activity and ensuring that systems are properly decommissioned
is also key.
"For consumers, it’s important to report fraudulent emails as soon as possible. No
legitimate organisation will ask for security or banking details so consumers need
to be suspicious of any email that requests this information. As well as this,
consumers must ensure they have different passwords for different online websites so
incidents like this don’t happen again."
