Having covered retail loss prevention for more years than I care to admit, I’ve heard my share of eye-popping stories — but the narratives I’ve heard from event stages were made all too real in the past few months when a close friend and a family member were both immersed in LP-related nightmares.
My friend is the CIO of an independent nonprofit agency in New York. During a critical project, a ransomware virus seized control of the company’s computer system’s files and encrypted them. The hackers held the files hostage, threatening to delete them unless the company paid a ransom online using the untraceable digital currency known as bitcoin.
Once the ransom was paid, my friend received an emailed “decryption key” unlocking the company system. He called the experience a “crippling nightmare,” fraught with unbridled uncertainty, dread and anxiety.
The story is all too common. Ransomware attacks on businesses large and small reached 638 million last year, up from 3.8 million in 2015, according to SonicWall’s 2017 Annual Threat Report. Based on data from the company’s Global Response Intelligence Defense Threat Network, it represents a meteoric rise in incidents: up 16,700 percent year over year.
The industry security firm attributed the growth of ransomware to easier access in the underground market — supported by the low cost of conducting a ransomware attack, the ease of spreading it and the low risk of being caught or punished.
The mass adoption of bitcoin is another factor driving the sudden surge; before the cryptocurrency existed, payments could be tracked.
Weeks later, my sister-in-law shared her identity fraud nightmare. It began with a letter from the U.S. Postal Service asking her to confirm a change of address — but she had never made such a request.
She rushed to the post office where she was required to fill out numerous forms and had to repeatedly prove her identity. From there, she headed to the police, filed another report, then — upon the advice of the officer — headed home to check with the credit bureaus.
It turns out a credit card was opened in her name the same day the change of address was filed. Eight hours later, she was reasonably convinced the immediate danger had been averted. Still, she’s been advised to monitor credit card bills for at least the next 18 months, and there’s no telling when peace of mind returns.
When I shared this story with a fraud expert, he said that change-of-address fraud is a fast-growing scam. It’s just one of many incidents that illustrate the need for retailers to stay informed through communities and events such as NRF PROTECT. This event, held in June in Washington, D.C., brings together more than 90 industry leaders to discuss crime trends and how to use technology to stay ahead of cybercrime and fraud.
Over time I’ve experienced my share of compromised credit cards and counterfeit goods, but those of my friend and sister-in-law brought the reality much too close to home. I often think that if the bad guys would apply even a portion of their cunning yet inventive know-how to doing good, the retail industry would be a better place.
Questions or comments? Email firstname.lastname@example.org