This period sees a surge in online activities and financial transactions — ranging from scouring for the best shopping deals to cross-border money transfers for holiday gifts.
Consequently, this holiday shopping season becomes a prime opportunity for cybercriminals to exploit unsuspecting digital shoppers through phishing scams, fraudulent websites, and payment fraud.
The impact is evident in the losses reported in Thailand over the past three years (March 1, 2022, to October 31, 2024), amounting to 74.8 billion baht across 708,141 online fraud complaints.
The most commonly reported scams involve goods or service sales, resulting in 4.72 billion baht in damages. With online activity expected to surge during the upcoming shopping season, this highlights the urgent need for heightened cybersecurity awareness.
“As Thailand's retail and e-commerce industry grows and cyber threats become more sophisticated, the need for robust cybersecurity measures is more critical than ever,” said Piya Jitnimit, Country Manager of Thailand, Palo Alto Networks.
“While the government plays a key role in protecting consumers by fostering a safer online environment through various strategies and regulations, awareness and preparedness are essential for a strong defense. Retailers and businesses must take proactive measures to secure their platforms, while consumers should remain vigilant to enjoy a safe holiday season.”
The growth of online shopping and digital payments has revolutionized consumer behaviour in Thailand but has also brought new risks. High transaction volumes during major events like 12.12 and Year-End sales present lucrative opportunities for cybercriminals.
As online transactions surge, consumers face growing risks from threats like APK attacks (malicious software targeting mobile apps) and deepfake scams. To ensure safety, it is crucial for consumers to remain vigilant about their online security, especially during peak holiday seasons.
Palo Alto Networks offers the following best practices to ensure a safe experience:
● Verify Authenticity: Double-check emails and offers before clicking on any links. Look out for misspellings, unusual domains, and suspicious attachments.
● Use Two-Factor Authentication (2FA): Enable 2FA for all accounts, especially when shopping online, to provide an extra layer of security.
● Shop Through Official Channels: Avoid unofficial or unknown websites. Stick to trusted and secure online shopping platforms.
● Beware of Phishing Scams: Be cautious of deals that seem too good to be true and fake order confirmation emails.
● Strengthen Passwords: Use strong, unique passwords for all online accounts and consider using a password manager for added security.
● Avoid Sharing Personal Information: Never provide sensitive personal details like social security numbers or banking information in response to unsolicited requests.
For online shopping, the “Dee-Delivery” measure for cash-on-delivery (CoD) transactions offers an added layer of protection for consumers, reducing the risks associated with paying upfront for items that may not be delivered or could be of poor quality.
The Office of Consumer Protection Board has recently implemented a new CoD regulation, which allows customers to inspect packages of products ordered online before making payment.
“CoD transactions are part of the government’s efforts to protect consumers. These are all done with the goal of giving scammers a run for their money and providing a safer online shopping experience for everyone. However, individuals and businesses need to practice safe online practices, such as reviewing seller ratings, checking return policies, and ensuring the platform's credibility. All these can significantly enhance consumer safety,” said Piya.
At the same time, businesses must strengthen their defenses against cyber threats. Common threats during peak periods include social engineering tactics like phishing scams, which trick employees into sharing sensitive information, and ransomware attacks, which can lock down critical systems until a ransom is paid.
Additionally, Distributed Denial of Service (DDoS) attacks can overwhelm retail websites with traffic, causing potential downtime and disrupting the customer experience.
To effectively mitigate these risks, businesses should adopt a zero-trust approach that emphasizes strict verification for every user and device accessing their networks, ensuring that no implicit trust is given.
By integrating comprehensive threat detection, response, and data protection into a Zero Trust framework, businesses can enhance visibility, streamline security operations, and enable real-time threat responses.
This approach not only safeguards sensitive data but also maintains a seamless user experience, ensuring both protection and convenience for consumers.
“During the high-traffic shopping seasons, particularly toward the end of the year, adopting a zero-trust approach becomes essential in building resilience and defending against an expanding attack surface. Ultimately, cybersecurity is a shared responsibility, and by fostering collaboration among government, businesses, and consumers to create a safer and more secure online environment for all,” closed Piya.