Dean Houari, Director of Security Technology and Strategy, APJ, Akamai Technologies throws light on the trends of audience hijacking and what this means for our region.

Ecommerce sales are continuing to grow astronomically. Asia Pacific is by far the largest market for retail e-commerce – with digital retail sales at least three times greater than in North America, and nearly five times greater than in Western Europe.

There is a dark side to this growth. There has been a significant increase in cyberattacks as well. One of the lesser talked about threats is ‘Audience Hijacking,’ where a third party swoops in to ‘hijack’ or claim credit for affiliate sales or redirects the consumer to a different platform. Estimates show that between 10-20% of retail shoppers are being redirected today – which is a real bite out of sales.

The growth in Audience Hijacking is due to web browsers being relatively unprotected today, essentially an open vulnerability. While organisations have started to become more aware of threats such as payment fraud, unprotected web browsers remain the path of least resistance for cybercriminals.

What would these developments mean for ecommerce retailers and consumers? More importantly, what can be done to safeguard the online customer journey?

In this interview, Dean Houari, Director of Security Technology and Strategy, APJ, Akamai Technologies throws light on the trends of audience hijacking and what this means for our region.

How does Audience Hijacking affect businesses of all sizes?

The Covid-19 pandemic and the forced lockdown have changed the way consumers shop and work. E-commerce revenues are expected to reach USD 5.4 Trillion in 2022 and continue to rise steadily. The browser is the most popular place in the digital online e-commerce infrastructure where customers and websites interact. Browser extensions, plugins and widgets have enhanced and personalized the browser experience by allowing customers to find coupons and offer price comparisons. Online retailers are leveraging these extensions to retain customers who have become their website audience.

However, these extensions can also be leveraged by rival online retailers and malicious actors to hijack or defraud their customers who have become their web landing page audience making Audience Hijacking the next battleground in application abuse, fraud and security.

Rival online retailers can disrupt a carefully crafted online shopping experience with unwanted browser activities using in-browser scripts, extensions and ads to offer a better price in a price comparison extension for example. This can hijack a customer before they reach the shopping cart and is causing millions in lost sales. Bad actors can cause customers potential harm by redirecting them to fake sites to steal their personal data.

Audience Hijacking can take several forms in a customer journey, with the common goal to prevent customers from converting to sale:

  • Audience Hijacking or Redirects – pop-ups from ads and extension offers that not only distract the customer from buying on your website but may very well result in the customer going elsewhere to buy.
  • Promotions, Coupons, and Price Comparisons – Customers often load extensions that provide them with deals and allows them to compare products on different sites.  These are specific forms of audience hijacking as a result of customer added extensions and plug-ins.
  • Malicious Ad Injection – Again another form of distraction, ads can appear that can again redirect a customer away from your buying experience. In some cases, these ads can also be malicious, looking to phish or skim information when a customer goes to that site to interact.
  • Affiliate Fraud – Many online businesses use affiliate marketing to extend their selling reach. 

It is estimated that 1 in 4 website transactions are lost due to audience-hijacking and as much as 20% of affiliate marketing spend can be paid out to fraudulent entities. This can translate to millions of dollars in lost revenue and ineffective ad spend per year in an era where marketers are tightening their belts.

How can businesses tackle Audience Hijacking, recapture sales, and prevent marketing fraud?

Dean Houari, Director of Security Technology and Strategy, APJ, Akamai Technologies

Organisations with a customer-facing web presence need to familiarize themselves with common ways that attackers launch Audience Hijacking attacks. The most common scenarios of Audience Hijacking today include redirecting users to alternate locations, affiliate fraud by overriding referral codes, malicious ad injections that prevent users from completing their purchases, and even unmanaging browser plug ins offering coupons and other savings in attempt to sabotage sales.

Next, organizations will need to take a look at in-browser behaviors, and up the ante on ensuring their protection. This would require gaining real-time visibility into these in-browser behaviors, including a view of third-party activity, enabling a quick identification of any potential malicious behaviors or attempts to highjack customers.

There are available solutions today that equip organizations with the tools to secure against in-browser data theft, and enable them to build custom detections against potentially suspicious activity. More crucially, this provides protection against unwanted redirection of customers to competing and malicious websites, and helps businesses keep consumers on their site to ensure successful engagement and consistently frictionless online experiences that improve site visits, sales conversion rates and brand trust.

How are the e-commerce threat landscape and the wider cybersecurity landscape changing?

The e-commerce industry is booming and is increasingly vulnerable to cyberthreats, especially during peak periods such as the holidays. According to our recent data, we saw a 3x jump in attack traffic during China’s Singles’ Day, and a 150% increase in attack traffic in Japan around the Gregorian New Year. During peak periods, attackers can easily mask their malicious activity as websites get overloaded with customers. 

Often, attacks are launched with malicious botnets (groups of bots that number in the millions) that compromise a site’s security, and consumer’s privacy. Common attacks include credential stuffing, where bots are deployed to match stolen credentials that they have bought on the dark web to find matches across other accounts at other companies. This preys on the vulnerability that consumers often still use the same passwords across platforms. Criminals thus often try the login that worked at one retail site to see if it (or a variation of it) will work at another.

When these attacks are successful and accounts are successfully taken over, all their associated information — loyalty points, credit card info, personal information — will be used or scraped, then sold.

In another type of attack, criminals will target ecommerce websites to try and buy up limited edition or limited supply items to resell them for a much higher price. This damages a retailer’s reputation and frustrates its customers.

What is reassuring, however, is that scams, at their core, are old crimes mediated through new technology. The mechanics that drive them will always be the same – offering us a blueprint to protect ourselves and organizations from new attack vectors.

How is Akamai reshaping its security solutions to offer businesses peace-of-mind from cybercriminals?

Akamai has taken the lead to effectively mitigating this Audience hijacking problem and this new in-browser attack surface by releasing the Audience Highjacking Protector. It provides in-browser protection against unwanted redirection of customers to competing and malicious websites, reduce affiliate fraud and mitigate privacy risks.

The Audience Highjacking protector provides real-time browser monitoring by analysing online website interaction behaviors as they are happening in order to mitigate any threats on a website. Machine learning techniques detects and identify unwanted in-browser activities in promotions, coupons and popular extensions.

Detailed on-demand dashboards and statistics provide a visual presentation of types of behaviors by page, browser, and geography. This enables a retailer to identify malicious hijacking, detect extension high risk behaviors to immediately determine specific mitigations to promote their desired in-browser customer experience. It is a standalone product that does not require any other products which will increase revenue retention, drive effective marketing spend and balance business and openness for extension use.

As we step into the era of the metaverse, where an unprecedented increase in online traffic is expected, capacity at the edge is indispensable. With our edge security platform as the internet endpoint that end-users, including hackers, first connect to through their devices, we continue to innovate and develop security solutions at the edge to keep bad actors out, and users secure. Akamai leverages our in-browser protection capabilities, our global infrastructure, and our deep threat intelligence to make Audience Hijacking Protector fast, accurate, and actionable.