Data privacy: 4 online retailers that are spying on your employees during work hours

“Every move you make, I’ll be watching you.” That 80’s hit from The Police might sound creepy nowadays, but it perfectly depicts how online retailers track “every breath you take.”

How much do you think your employees value their data privacy? The answer is probably not as much as you would hope for the sake of your network’s integrity.

According to the Pew Research Center, only 40% of internet users in the United States are worried about companies selling their personal data or people stealing their identity online. Top that with Americans becoming less knowledgeable about data privacy laws: 72% have little to no understanding. This is up from 63% in 2019

The Target’s Pregnancy Prediction Model

Here’s an example from 2013 that is even more relevant with modern behavior tracking technology, Target, the 6th biggest retailer in the US, sent coupons for baby products to a teenage girl in the Minneapolis area. Her father was furious and complained to the store manager, who apologized. A few days later, the father called back to apologize himself. It turned out that his daughter was indeed pregnant, and Target had figured by tracking her online behavior and learning of her pregnancy before the family did.

This illustrates how retailers can use data to make assumptions about customers and how much information they collect. According to another study by the Pew Research Center, 91% of Americans feel that they have lost control over how their data is collected and used by companies. 

A report by The Atlantic found that online retailers track customers’ every move, from the products they browse to the items they purchase.

Employer-issued devices are being used for more than just work.

A study by IBM found that employees spend an average of 1 hour 12 minutes per week shopping on company-owned computers, a big concern for data privacy. This may seem like a small amount of time, but it adds up quickly, and it’s enough for retailers to collect a significant amount of employee data.

Proofpoint found that 25% of employees use employer-issued devices at home for personal activities like online shopping, gaming, and social media. There’s more: 55% of those users extend device access to family members or trusted friends.

How confident are you that your employees stay safe while surfing and shopping?

Are you actually aware that your staff is likely doing more than work-related tasks on company devices and potentially exposing a lot of personal and sensitive information?

What information is being collected by online retailers?

Online retailers are tracking their user’s every move. Collected data exposes sensitive information and increases vulnerability to phishing attacks.  

So…what types of information are these companies collecting?

Here’s a look at the six biggest online retailers in the US and information they collect* from their users. 

Amazon

“Hi, Mr. Bezos. I know you’re listening.”

Amazon, the largest online retailer in the US, has a market share of 37.6%. They collect a wide range of data, including:

Amazon has been in the news several times for its data collection practices. In 2019, it was revealed that Amazon employees were listening to recordings of customers’ conversations with Alexa. In 2021, Amazon was fined $888 million by the European Union for illegally collecting and using personal data from its users.

Walmart

The second-largest online retailer, with a market share of 6.4%. They collect the following data:

Many have been surprised with Walmart’s use of facial recognition technology in its stores.

Apple

Claiming to be a privacy advocate, Apple collects the following from its users:

And Apple is constantly under scrutiny for its privacy policies, which sometimes seem misleading. 

eBay

The giant auction and marketplace seems to have no regard to data privacy, since it collects 28 data points in its Android app, making it the app that collects the most data from its users. Some of the data collected are:

Ebay has also received a lot of backlash for sharing user data with marketers.

And as for just about all the other online shopping platforms:

This list goes on. If a retailer is selling merchandise, it is tracking shoppers’ behavior. The data collection is massive and, 3 out of 4, share this data with third parties.

Improving data privacy company-wide

Employees should be educated and reminded about how much of their personal information is being collected and shared and what it represents to them and their families. Online privacy is crucial, especially for corporations.

How often should data privacy be enforced in a company?

Do not wait until the next cybersecurity training session. Data privacy should be constantly reinforced company-wide through email or other internal media platforms.

Engage your employees year-round and turn them into cybersecurity heroes with content branded for you by Aware Force.

Our latest infographic about online privacy in 2024 includes eye-opening facts about how your personal information is used online, how users feel about that, and useful steps that can limit how much of your information is available to marketers.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated!)

It’s essential to be aware of the risks involved in online shopping and to take steps to protect your data. Stay safe out there! 😊

* Disclaimer: This article reflects the data and privacy situation as of the publication date. Online data collection and privacy practices may change over time. Please verify the current information before using or acting upon any of the content in this article.

Sources: Pew Research Centar, Statista, Atlantic, IBM

Holiday-safe online shopping: 10 ways your employees can stay protected

Regarding safe online shopping, numbers are the best introduction I can deliver:

According to a study from the Ponemon Institute, 65% of employees admit to using their company computers for personal shopping at least once a week. Of those, 25% say they use their company computers for shopping more than once a day.

Astonishing statistics for holiday online shopping in 2023

safe online shopping 2023: Data about sales during the holiday period

It’s Christmas on the deep web as well.

Common Cyber Threats Faced by Online Shoppers

Online shoppers face increased cyber threats during December, including over 3 billion phishing emails sent each day:

Phishing scams and fraudulent websites: Cybercriminals create fake websites and emails that mimic legitimate e-commerce platforms, tricking users into entering their personal information and credit card details.

Malware and ransomware attacks: a 30% rise in attempted ransomware attacks during winter holidays. Malicious software can be downloaded through infected links or attachments, compromising devices and encrypting data, demanding a ransom payment for decryption.

Data breaches and identity theft: Experian says one in four consumers will be targeted by identity thieves. Data breaches compromise large databases of personal information, exposing individuals to identity theft, financial fraud, and other cybercrimes.


Give Your Workforce the Gift of Safe Online Shopping

To help your employees protect themselves from cyber threats while enjoying the convenience of online shopping, consider these ten essential tips:

1. Take the time to verify the website is the real thing — not an imitation.

Safe online shopping: verify websites

(Credit: Rawpixel)

Only shop on websites that you trust and recognize. Look for the padlock symbol in the address bar (https://) and check for security certifications.

2. Don't use your debit card for online purchases.

Don't use your debit card for online purchases

(Credit: Rawpixel)

Your main debit card might give hackers direct access to your bank funds.

Opt for disposable credit card numbers or mobile payment apps, limiting the potential damage if your card details are compromised.

3. Avoid using public Wi-Fi for online shopping.

Safe online shopping: avoid public wifi

(Credit: Freepik)

Public Wi-Fi networks are often unsecured, making them vulnerable to eavesdropping and interception of sensitive data.

4. Check out the seller.

Check out the seller.

(Credit: Freepik)

Before making a purchase, research who is doing the selling. Check for online reviews and read customer feedback.You can also use a tool like the BBB Scam Tracker to verify the seller's legitimacy.

5. As always, be cautious about clicking links or attachments in emails.

be cautious about clicking links or attachments in emails.

(Credit: Rawpixel)

Phishing emails often contain links or attachments that lead to malicious websites or download malware. Always hover over links to see the actual web address where it will take you, and never open suspicious attachments.

6. Keep the software on your computer and smartphone up to date.

Update software on your computer.

(Credit: Rawpixel)

Regularly update your operating systems, web browsers, and other software applications to ensure you have the latest security patches and protection against known vulnerabilities.

7. Be suspicious of products and posts on social media. 

Raise cyber security awareness: be suspicious of products and posts on social media

(Credit: Rawpixel)

Cybercriminals often use social media platforms to spread phishing scams, fake deals, and malware-laden links. Be wary of unsolicited messages, links, and attachments, and never click on suspicious promotions or offers.

8. Use a trusted password manager.

Use a trusted password manager.

(Credit: Rawpixel)

Create strong and unique passwords for all your online accounts, and consider using a password manager to store and manage your passwords securely.

9. It’s ok to lie on those shopping forms.

To protect your data, maybe lie on those shopping forms.

(Credit: Rawpixel)

Avoid oversharing personal information on online forms or social media platforms. Only provide the minimum information required to complete a transaction or create an account. There’s no reason an online retailer needs to know your birthdate, cellphone number, or your mother’s maiden name. Lie in the form or omit information if necessary.

10. Got scammed?! Get revenge.

report scams to authorities and IT teams.

(Credit: Rawpixel)

If you suspect you've been scammed, act promptly. Report the incident to your IT department, the Federal Trade Commission (FTC), your state's attorney general, or even the FBI.

One more thing about safe online shopping

Cybersecurity is a collective responsibility, and every employee plays a vital role in protecting your organization's assets and data. By equipping your employees with the knowledge, tools, and awareness they need to navigate the online shopping landscape safely and securely, you can significantly reduce the risk of cyberattacks and safeguard your organization during the holiday season and beyond.

Share this information with them.

And, if you need assistance educating your workforce and raising awareness about the risks of online shopping, look at our Cyber Library, where you can find cybersecurity resources branded for your organization, like our guide for safe online shopping.

Online shopping Awareness

Safe online holiday shopping

Help your team to be smart and stay safe when shopping online with this helpful PDF branded for your company. 

This PDF guide includes tips on how to:

  • Identify and avoid fake ads and websites
  • Choose trusted retailers
  • Evaluate online reviews
  • Pay safely and securely
  • Protect their personal information

See it in the Aware Force Cyber Library

Too busy to take care of your daily workflow to focus on educating your workforce?

Aware Force is here. We deliver timely, relevant content year-round — branded and tailored for your organization, reinforcing your team’s role as subject-matter experts.

Aware Force’s content is easy to use and ready to integrate with your existing cybersecurity programs.

It’s ideal for intranets, websites, internal social media, and your onboarding program.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated.


Sources:
1,2,3,4,5: statista.com
6: capitalcounselor.com

7: darktrace.com

8: cybereason.com

9: National Fraud Intelligence Bureau (UK)

Cyber Monday Scams: How to Prepare Your Team for 3 of the Most Feared Threats

Get ready for a story about a cyber snowball of epic proportions:

2013. Sharpsburg, Pennsylvania. Leaves are getting rusty and falling from the trees, temperatures are starting to dip below the 50’s. It’s cold, with a gentle breeze outside. Autumn is looking great so far, and Thanksgiving is approaching. 

An employee from an HVAC company sits behind his monitor. Black Friday and Cyber Monday are right around the corner. So, he’s using some of his free time to browse the deals online.

He comes upon an ad for a discounted product, clicks it, and receives an email with a link. He clicks the link

Unknowingly, he has clicked on a malicious link, infecting his computer with malware, allowing hackers to access his company's network. The attackers steal credentials and customer data, including names, addresses, phone numbers, and Social Security numbers.

This unspectacular event from the little-known company would wind up playing a major role in a devastating cyber attack, affecting millions of Americans and costing one of the biggest retailers sales and a decline in its stock price. Oh, and the CISO her job.

It happens that this particular HVAC company was a contractor of Target, the US retailer with nearly 2,000 stores. After infecting the company’s network, the attackers expanded their target to the HVAC’s customers, including Target itself, and were able to use stolen credentials from the contractor to gain access to Target’s network, seizing the personal and financial information of millions of Americans. 

It’s the famous Target breach. Ultimately, cybercriminals were able to steal 40 million credit and debit records and 70 million customer records. In addition to reputational damage, Target’s net earnings dropped from $1.47 a share the year-earlier holiday quarter to 81¢ a share. 

The scenario for Cyber Monday 2023

A year ago, Americans set a new record for shopping online, spending $11.3 billion on Cyber Monday, more than any other shopping day that year.

Look for a new record this year., By some estimates, consumers in the US alone will spend $13.7 billion online. Last year, the average American spent between $113 and $147 on Cyber Monday.

Online shopping Awareness

Safe online holiday shopping

Help your team to be smart and stay safe when shopping online with this helpful PDF branded for your company

This PDF guide includes tips on how to:

  • Identify and avoid fake ads and websites
  • Choose trusted retailers
  • Evaluate online reviews
  • Pay safely and securely
  • Protect their personal information

See it in the Aware Force Cyber Library

What cyber threats to look out for during Cyber Monday 2023

Here are three of the most common Cyber Monday scams to keep in mind this year and how to spot and avoid them: 

Fraudulent websites and online stores

Criminals create fake online stores or spoof real ones. These websites — often online for only a matter of hours — are designed to steal personal or financial information or to trick users into buying non-existent products.

How to spot and avoid fraudulent websites:

Fake delivery scams

Fake delivery notifications or order confirmations are sent to shoppers, claiming an issue with the shipment: a delay, a missing package, or a fee. The scammers then ask the shoppers to click on a link, call a number, or reply with personal or payment information to resolve the issue.

How to spot and avoid fake delivery scams:

“Too good to be true” Ads

They will be all over social media and blogs: flashy ads with impossibly low prices. Often, these ads take the user to fake websites. 

How to spot and avoid fake ad scams:

Other scams to keep in mind

A few other scams that you can expect to hit the online shelves this autumn are:

How do you keep employees alert and protect the company?

Cybersecurity awareness is crucial during the holidays. Creating and maintaining a cybersecurity awareness program is challenging and time-consuming.

Right now, organizations should engage employees with helpful, time-sensitive content.

Too busy to take care of your daily workflow to focus on educating your workforce?

Aware Force is here. We deliver timely, relevant content year-round — branded and tailored for your organization, reinforcing your team’s role as subject-matter experts.

Aware Force’s content is easy to use and ready to integrate with your existing cybersecurity programs.

It’s ideal for intranets, websites, internal social media, and your onboarding program.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated!)