Instart: Halloween Is the Spooky Start to Online Fraud Season

The Leader in Making Digital Properties Safer, Faster and More Appealing Helps Online Retailers Prepare for Increasingly Sophisticated Attacks

PALO ALTO, Calif.--()--For online merchants and fraudsters alike, Halloween is the true start of the holiday retail season, says Instart, the company helping thousands of leading brands around the world deliver a faster, safer and more profitable digital experience.

Holiday sales account for up to 30 percent of online retailers’ yearly revenue, according to the National Retail Federation (NRF), and the Halloween start to the holiday retail season will be strong, according to NRF survey data, with total planned Halloween spending estimated to reach $9.1 billion in 2018, up from 2017's $8.4 billion. This increase in Halloween sales reflects the overall strength of the retail economy, which according to Kiplinger’s is predicted to grow at more than 5 percent in 2018 as online retail grows at 14 percent overall. However, this surge in retail and e-commerce sales comes at the price of increased online fraud, particularly around the holidays.

As holiday e-commerce increases in scale, transaction volume and complexity, criminals are opportunistically driving an increase in fraud. According to one report, digital fraud efforts increased 22 percent between Thanksgiving and Christmas last year, and Instart predicts similar developments for 2018. Recent attack trends documented by Instart include “high-fidelity” human behavior imitation used for “credential stuffing” attacks and fraudulent purchases with stolen user information, as well as native mobile API endpoint attacks, wherein APIs intended for use by mobile applications are abused directly by bots and attackers. In addition, hackers are now coordinating attacks across multiple botnets to obfuscate malicious activity, making it difficult to detect and block. At the same time, harmful applications and browser extensions are being hidden within trusted websites, exploiting user trust and complicating security efforts.

“For online retailers looking to the ghouls and goblins of Halloween and the joy of the holidays that are just a few weeks hence, identifying the problem of online fraud is only the first step,” observed Dan Druker, CMO for Instart. “This year, we are expecting an uptick in cybercrime related to tags and cloud services. Retailers have been under pressure to add as many as 50 different tags and cloud services to deliver compelling functionality for their customers. But when your application is running across 50 different places on the internet, none of which you control, it’s very easy for the bad guys to hide. This year retailers should take special care to catalog and inspect every one of their tags and cloud services to make sure nothing nefarious is going on.”

“We are seeing the same trends when it comes to this year’s holidays, and the Halloween season continues to become more popular in the UK craft market,” observed Dan Collier, Head of IT, Hobbycraft. "As online spending increases, cybercrime is becoming more prolific. The only way for retailers to win this game of cat and mouse is to be well-prepared in the form of software-based solutions that monitor systems and applications as part of a holistic strategy to protect business assets and consumers. Hobbycraft utilizes the Instart security suite of products to help protect our ecommerce website, with Instart's software proactively blocking malicious threats in real time."

Instart recommends that a strong cyber defense strategy for retailers be based on a solid understanding of their own internal “readiness posture” and a clear assessment of the threat environment. Key principles include “defense in depth,” ensuring security controls are deployed to protect against vulnerabilities, bots, account compromise and DDoS attacks, as well as development and documentation around plans for attacks and outages, including technical responses, internal communications and public relations plans.

Specific techniques apply in applications and systems areas, and both in-house and commercial applications should undergo a security audit and have the latest patches and software updates installed. Cloud services should be cataloged and scanned to prevent the introduction of vulnerabilities from internal or external JavaScript, and companies should install solutions to detect if and when customers have been compromised and ensure that they follow relevant cybersecurity regulations.

Systems are also part of a holistic security plan, and network devices should be properly configured and maintained with the latest security patches and software, while security controls should be deployed across the network at the same time, including tools for visibility, control and defense against malicious activity. This preparedness posture should extend to service providers, including cloud vendors, which should also operate under the same security processes and controls as the larger IT organization.

Many retailers also simulate successful cyberattacks in order to validate their responses and to expose any weaknesses in systems or teams. This sort of “planning for the worst” is an effective line of defense against cybercrime, which can also include software from Instart, which offers a comprehensive platform designed from the ground up to deliver a faster and more enjoyable and secure online experience.

Instart solutions for fighting Halloween cybercrime include the Instart Security Suite, with a web app firewall, origin cloaking, a self-service security rules engine and DDoS protection, as well as artificial intelligence-driven Bot Defense for protection from sophisticated bots, while Instart Security Services offer one-time or ongoing security analysis, tuning and monitoring for online retailers. By implementing a comprehensive security plan and pairing it with a robust set of solutions from Instart, online retailers can be ready for any security challenge the upcoming Halloween and holiday retail seasons bring.

About Instart

Instart helps thousands of leading brands around the world deliver a faster, safer and more profitable customer experience through its revolutionary digital experience cloud. Instart combines machine learning, application and device awareness, and open APIs with a broad suite of integrated and automated cloud services, including web and mobile application performance optimization, image optimization, digital advertising optimization, web application security, DDOS protection, bot management and security, and content delivery. Using Instart, enterprises can provide ultra-fast, visually immersive, amazingly engaging and highly secure experiences on any device to maximize revenue, deliver superior customer experience, and gain competitive advantage. Learn more at, or follow us on Twitter @instart.


Ruben Ramirez, 917-699-9083

Release Summary

For online merchants and fraudsters alike, Halloween is the true start of the holiday retail season, says Instart.


Ruben Ramirez, 917-699-9083