Alexandra Forsyth

‘TIS THE SEASON CHRISTMAS RISKS FOR RETAILERS

Seasonal peak period for threat actor activity and cyber crime awareness is upon us! Time to get prepared and understand how retail and fashion will be impacted during Black Friday.

AFRG will deep dive into key dates for threat actors targeting the retail and fashion industry in 2024.

Key Dates

Singles Day – November 11

Thanksgiving Sales – November 23

Black Friday (White Friday in some parts of the Middle East) – November 29

Small Business Saturday – November 30

Cyber Monday – December 02  

Global Participation

Black Friday originated in the US in the 1980s as part of a post-Thanksgiving sales event, and has over the years expanded into a global enterprise of sales, discounts, and promotions, thrust at consumers within a mere few days in the lead-up to Christmas. One other major holiday event is the 24-hour shopping extravaganza called ‘Singles Day’, created in China to promote anti-valentines, which has since found favour in Middle Eastern countries such as the United Arab Emirates and parts of Europe such as Spain.

Across wider Europe, countries such as the UK, France, and Germany all started to adopt Black Friday in the last three to four years, alongside central and southern American countries, China and southeastern Asia, and parts of Africa. In the Middle East, the day is marked as ‘White Friday’, a symbol of positive emotions, images and goodness.

Ransomware Groups

In general, some of the biggest threats facing retail come from ransomware-based cyber attacks, all year round. During the holiday season, ransomware-focused threat groups will show more desire to target the retail industry. These groups include:

  • RansomHub

  • BlackBasta

  • Royal

  • Akira

  • BlackCat (AKA ALPHV)

  • Cl0p

  • LockBit

  • Play

Consumer Expectations & Cyber Crime Activities

Retailers can expect to see a rise in consumers wanting to shop seasonal sales earlier this year, with the post-purchase customer experience playing a crucial role and “hassle-free returns and real-time tracking” being key drivers.

Retailers are advised to keep their websites updated, making sure technology is equipped to handle the influx in visitors, that inventory lists are up to date and that stock is well managed.

Rise in Fraud

Seasonal days such as Black Friday bring an influx in fraud. As traffic increases, so do the risks, meaning robust security needs to be implemented during the checkout process for customers.

Scammers are likely to seek out opportunities to use tactics such as social engineering (phishing) via email and SMS messaging; website impersonation, registering a string of different domains that mimic legitimate retailers to advertise fake deals; and malware (Magecart) deployed into the checkout process by exploiting web server software vulnerabilities and creating fake checkout forms to extract financial data from customers.
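For brand-protection monitoring, the check below screens a feed of newly seen domains for the impersonation patterns described above. It is an added example, not part of the original article: the retailer name `harbourlane`, the sample domains, the lure-word list and the tiny suffix table are all constructed assumptions, and internationalised names are assumed to be already decoded to Unicode.

```python
import unicodedata

# Digit-for-letter swaps often seen in lookalike names (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
# Seasonal words a fake-deals site might append to a brand (assumed list).
LURE_WORDS = ("blackfriday", "cybermonday", "sale", "deal", "discount", "outlet")
# Tiny stand-in for the Public Suffix List.
MULTI_SUFFIXES = {"co.uk", "com.au"}


def skeleton(label):
    """Fold case, accents, digit swaps and hyphens so lookalikes collapse together."""
    folded = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(LEET).replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (labels left of the public suffix, suffix)."""
    labels = domain.lower().rstrip(".").split(".")
    n = 2 if ".".join(labels[-2:]) in MULTI_SUFFIXES else 1
    return labels[:-n], ".".join(labels[-n:])


def assess(domain, brand, official):
    """List the reasons a domain looks like an impersonation of `brand`."""
    labels, suffix = split_domain(domain)
    if not labels or f"{labels[-1]}.{suffix}" in official:
        return []  # bare suffix, or a host under the retailer's own domain
    target, reasons = skeleton(brand), []
    for label in labels:
        skel = skeleton(label)
        if skel == target:
            reasons.append("brand name on unofficial domain" if label == brand
                           else "character substitution")
        elif target in skel:
            rest = skel.replace(target, "")
            lures = [w for w in LURE_WORDS if w in rest]
            reasons.append("brand plus lure word: " + ",".join(lures) if lures
                           else "brand embedded in longer name")
        elif edit_distance(skel, target) <= 2:  # threshold suits long brand names only
            reasons.append("near-miss spelling")
    return reasons


def scan(domains, brand, official):
    """Return {domain: reasons} for every domain that was flagged."""
    hits = {d: assess(d, brand, official) for d in domains}
    return {d: r for d, r in hits.items() if r}


# Constructed sample feed; none of these are real observations.
BRAND = "harbourlane"
OFFICIAL = {"harbourlane.example"}
SAMPLE_DOMAINS = [
    "www.harbourlane.example",
    "harb0urlane.example",
    "harbourlàne.example",
    "harbourlane-blackfriday-deals.example",
    "harborlane.example",
    "harbourlane.secure-pay.example",
    "harbourlane.co.uk",
    "gardenfurniture.example",
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE_DOMAINS, BRAND, OFFICIAL).items():
        print(f"{name}: {'; '.join(why)}")
```

Flagged names are candidates for review and takedown requests, not proof of fraud; a retailer's own regional or campaign domains belong in `OFFICIAL`.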

Citizens Advice claims in new research that one in five (18%) people across the UK have fallen victim to finance scams in the last 12 months. Enhanced technology such as artificial intelligence (AI), QR code scams, and social media have increased fraudulent behaviours. There are concerns that AI will increase online fraud (70% of British consumers), while shopping fraud on social media amounts to 51% of fraud cases.

Organised criminals are also getting involved in return-fraud-as-a-service schemes, designed to target retailers through technology usage, advertising and promoting through social media ads and via platforms like Telegram, Discord, Facebook, TikTok, and Instagram, while communicating with other organised criminals to discuss strategies for fraudulent behaviours.

Organised criminals are marketing services on Reddit, TikTok and Telegram, using “refund method” — or “r3fund,” to skirt content moderators. In December 2023, Amazon filed a lawsuit against several people globally with alleged ties to a wide scale refund fraud operation stealing millions.

In 2024, retailers are tightening return policies, offering store credit instead of cash refunds, and implementing return fees for customers who are victims of fraud. The UK's Payment Systems Regulator (PSR) also recently introduced new rules on Authorised Push Payment (APP) fraud to reduce increasing threats from fraud. Under the PSR's new rules, which apply from 07 October 2024, people making payments from UK accounts will benefit from further protections, including being reimbursed within five business days of making a claim and coverage of up to GBP£85K.

Payment fraud is set to increase across point-of-sale terminals, ATMs, online and mobile channels during peak season sales across the retail industry.

The latest figures from the Crime Survey for England and Wales (CSEW) show an estimated 20% increase in consumer and retail fraud, alongside an estimated 9.2 million incidents of headline crime including theft, robbery, criminal damage, fraud, computer misuse and other abusive activities ending June 2024.

58% of attacks originate from phishing

47% of stolen user sessions leverage Amazon domains

92% of credential access techniques were brute-force attempts

 

The financial and reputational impacts of fraud through account takeover, for example, can be severe for both retailers and customers because threat actors are using legitimate accounts and details to make large fraudulent purchases. After the victim identifies the unauthorised activity and issues a chargeback with their card issuer, the retailer has to decide whether to refund, in order not to lose the customer, or to dispute the claim; and if chargebacks are made against a retailer too frequently, the retailer can end up in a ‘high alert’ category.

 


In the first half of 2024, over GBP£570M was stolen in payment fraud, while total cases of fraud rose by 16 percent compared to 2023.

Online fraud is hitting younger users harder, with nearly 70% of 16-24-year-olds encountering fraud at least once a year, compared to 38% for those aged 45-54.

New research by cyber security professionals also shows an influx of AI-driven cyber attacks, rising to half a million in the last six months. The AI tools being leveraged include ChatGPT, Claude, and Gemini, alongside specialised bots that are designed to scrape websites for LLM training data. AI tools can be used by retailers, employees and customers for digital transactions, limited-time promotions, and the gift cards and loyalty points stored in accounts.

Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyber threats.

Business logic abuse is the most common AI-driven attack, accounting for 30.7% of all incidents. Business logic abuse involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, such as manipulating prices, bypassing authentication, or abusing discount codes. Cyber criminals are now leveraging AI to coordinate large botnets more efficiently, enhancing the effectiveness of these attacks. Attacks from bad bots account for 20.8% of AI-driven threats.

Types of Fraud

Refund Fraud occurs when a threat actor claims an item arrived damaged in the hope of keeping the item for free.

Organised return fraud as a service – is increasingly used by organised criminals in 2024, targeting retailers through technology usage, with cyber criminals advertising and promoting through social media ads and via platforms like Telegram, Discord, Facebook, TikTok, and Instagram, and communicating with other organised criminals to discuss strategies for fraudulent behaviours. Organised criminals are marketing services on Reddit, TikTok and Telegram, using “refund method” — or “r3fund,” to skirt content moderators.

Synthetic identity fraud – takes place when threat actors create accounts online using real-world information about individuals bought on the dark web, including personal information such as name, address and so forth. According to recent research, there has been a 500% increase in high-risk synthetic identities in circulation in the UK since 2020.

Fraudsters are likely to combine a personal identification number such as a social security number (SSN) or a social insurance number (SIN) with a fake name and address. During Black Friday and peak season, high volumes in online traffic may make it harder to monitor all account activity.

Fake Delivery Scams target large volumes of people through mass campaigns, knowing that some are likely already expecting parcels, and then coerce victims into sharing information and bank details to rearrange delivery. Recently, customers of the Evri parcel delivery service have been facing an influx of scam text messages sent from random spoofed mobile numbers. ‘Failed delivery attempts’ and ‘package damage missing postal code’ messages are sent alongside phishing links that use a URL shortener to mask the real URLs, while others lead to QR code scanning to download malware.

Survey fraud promises fake rewards for sharing personal information and completing surveys. The emails are designed to trick people into completing a survey in order to claim a free prize. If you receive a suspicious email, you can report it by forwarding the email to: report@phishing.gov.uk.

Purchase Scams are conducted by cyber criminals who offer too-good-to-be-true prices, impersonating genuine retailers on fake websites. Fraudsters can also sell non-existent products at discounted prices to attract buyers. The victim pays in advance for goods or services that are never received, usually ordered on an online platform such as an auction website or social media. Also referred to as triangulation fraud, these types of scams usually take place on third-party sites such as Amazon and eBay, whereby the scammer lists items that are non-existent or not immediately available. When the victim purchases the items, either they never receive them, or the scammer uses stolen credit/debit card details to make the purchases and then ships them to the buyer. In that case the victim is the person whose details have been stolen and used for the fraud, leading to chargeback requests against the platform through the card merchant. Signs of triangle scams are too-good-to-be-true prices, unverified sellers, unusual payment requests and non-standard shipping practices.

Gift card scams are rising in popularity since gift cards are not subject to the same regulations as credit and debit card transactions, nor are they linked to specific individuals. In October 2024, UK retailer Tesco issued a statement after an elderly customer was scammed out of GBP£140K through gift card purchases. The threat actor pretended to be a well-known musician on the social media platform Facebook, sending messages about purchasing Apple gift cards and getting the money back eventually. The conversation then moved away from Facebook to the messaging app ‘Signal’, which offered a level of de-tracking.

Guidance

Avoid navigating to untrusted or unknown websites and never assume that links on known websites are safe.

Where possible, view items in person before making payment.

Research the seller and site and always read the reviews. Check several review sites and compare them.

Password support - Three Random Words technique to keep your online accounts secure.

2SV - 2 step verification for your accounts including email, banking, social media, and shopping to keep cyber criminals out, even if they discover your passwords.

Report scam messages - ActionFraud. 

MFA - Should be enabled on accounts by using two or more proofs of identity to log in. For example, using your login details as well as an authentication code (Microsoft Authenticator App from Apple Store and Google Play Store). Additional forms of MFA include a PIN, secret question, fingerprint, and biometrics (also helps protect against deepfakes/AI).

Alexandra Forsyth

CYBER SECURITY AWARENESS MONTH - OCT / 2024

Cyber Security Awareness Month - October 2024.

Join AFRG NETWORK for Insights

NCSC and General Guidance

The National Cyber Security Centre marks 20 years of awareness month, choosing the theme ‘Digital Defenders’ to help individuals, organisations and growing businesses stay protected against cyber crime activity.

Password Support - Three Random Words technique to keep your online accounts secure.

2SV - 2 step verification for your accounts including email, banking, social media, and shopping to keep cyber criminals out, even if they discover your passwords.

Report Scam Messages - report@phishing.gov.uk and ActionFraud

Cyber Essentials - A self-assessment option that offers protection against common cyber attacks and helps to shield you from unwanted attention.

Secure Websites and Data - Implement software updates as a key defence; businesses should encrypt all data transmission, thoroughly vet third-party tools via supply chain assessments, and scan source code for unauthorised changes. Try to collect only the minimum customer data required for any transaction; backing up the site’s code and databases will allow it to be restored quickly, minimising disruptions.
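One way to scan a site's code for unauthorised changes is to compare it against a hash manifest taken at release time. The sketch below is an added example, not from the original post: the file names and contents are constructed placeholders, and in practice the baseline would be stored away from the web server it protects.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifests(baseline, current):
    """Report files whose content changed, appeared or disappeared since the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Build a constructed mini site, tamper with it, and return the detected drift."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "js").mkdir()
        (site / "index.html").write_text("<script src='js/checkout.js'></script>\n")
        (site / "js" / "checkout.js").write_text("function pay(form) { return submit(form); }\n")
        (site / "js" / "basket.js").write_text("function total(items) { return items.length; }\n")

        # Baseline taken when the release is deployed.
        baseline = build_manifest(site)

        # Constructed stand-ins for unauthorised changes to the checkout code.
        with open(site / "js" / "checkout.js", "a") as fh:
            fh.write("// constructed placeholder for an unexpected extra line\n")
        (site / "js" / "analytics-helper.js").write_text("// constructed unexpected file\n")
        (site / "js" / "basket.js").unlink()

        return diff_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Any non-empty result outside a planned deployment is worth investigating, with changes to checkout scripts first in the queue.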

OSINT TOOLS: Keep Updated with Industry-Relevant News

Global Cyber Attack Daily Database

https://konbriefing.com/en-topics/cyber-attacks.html

Global Data Breach Database

https://www.itgovernance.co.uk/blog/global-data-breaches-and-cyber-attacks-in-2024

Ransomware Lookup

https://www.ransomlook.io/groups

https://www.ransom-db.com

https://spin.ai/resources/ransomware-tracker

https://www.ransomware.live

Security Advisories

https://www.misp-project.org/security

https://nvd.nist.gov

https://www.cisa.gov/news-events/cybersecurity-advisories

Cyber Security Certification

COMPTIA

EC-Council

COURSERA

UDEMY

Alexandra Forsyth

LUXURY RETAIL THREAT LANDSCAPE 2024

Exploring the luxury retail threat landscape.

Biggest concerns for luxury retail and fashion brands:

Public facing image to customers (outward facing)

Reputation

Revenue generation – financial impacts of cyber crime

Advanced technology – keeping up with AI, VR, Metaverse and deepfakes/fraud

Financially motivated cyber crime represents a high threat to retail organisations worldwide. Significant threat activity types include ransomware, infostealers, including point-of-sale (POS) malware, widespread malware distribution by phishing and spear-phishing campaigns, enhanced through AI, and DDoS campaigns conducted to extort victims.

Ransomware is increasing against luxury fashion businesses, with the intention to leverage unprotected endpoints to gain initial access. For some ransomware groups, data extortion takes priority over encryption, focusing on exfiltrating the data to extort victims, which can result in long-term reputational damage, regulatory fines, and legal requirements.

Ransomware is a type of malware that blocks access to a victim’s data, holding it to ‘ransom’ until payment is made to the threat actor. Retail is one of the sectors most targeted by ransomware, after financial services, manufacturing, and critical infrastructure. For retailers, this can completely shut down online and offline operations if machines are connected to the main network: screens stop working, receipts cannot be printed, and stores resort to manual pen and paper. Manufacturing, order fulfilment, click and collect, and home delivery are also impacted, and orders cannot be scanned where retail employees rely on handheld devices. Other effects include inventory losses, needing to estimate and pay more for stock, and limited access to payroll for employees.

Types of compromise such as phishing, with fraud as the end goal, continue to plague retailers who are worried about financial and reputational impacts to operations and customer trust. For example, cyber crime operations can include brand impersonation and defrauding consumers, seeking to exfiltrate consumer data including financial and personally identifiable data. In the UK, cyber and data threats remain a top concern for retailers, alongside regulatory environment issues including international trade and environmental policies.

Fraud is multipurpose. It can involve a company’s brand being impersonated to lure customers into clicking on links and entering their personal and financial details, leading to fraud. This can take place through social media, with the brand’s logo and product descriptions impersonated in online adverts, or be linked to the dark web, where threat actors purchase fraudulent documents with sensitive information about the company and create high-profile scam accounts of VIPs.

Artificial Intelligence (AI) and technological advancements remain buzzwords in the retail industry, across many sectors including luxury. There is limited understanding as to how AI is being used for malicious purposes and what is required for retailers to strengthen security postures. Deepfakes are looming on social media platforms such as Instagram and TikTok; with well-known personalities and influencers endorsing brands for monetisation. Links are often attached to the designer items on screen, however in some instances videos are deepfakes, redirecting to fake websites selling counterfeit items, with reviews resembling authenticity to lure customers to make purchases resulting in fraud.

Public Member Actions:

If you have a personal public social media account, try to limit the information you share: don’t tell the world when and where you’re checking in from, whether it’s a dinner, a holiday and so forth. We don’t need to know it’s your birthday, where you live or who you work for. This information can be removed, and your account, while still public, would be a lot safer.

Implement MFA (multi-factor authentication): create strong passwords, and use facial recognition, biometrics, a PIN or an authenticator app code. Whatever you can do to secure logging in, I would recommend.

Retailer Actions:

Think of your company or businesses as a story – each time you create a new business account, post about products, customers, revenue online, industry reports, because we are seeing more companies share their journey online; these are pieces of the puzzle threat actors can use to find a way in.

If you post your revenue forecast for the year, or that your growth over the seasonal periods was x amounts, threat actors may go after your company for financial gain.  London Fashion Week.

Incidents to note:

In September 2024, it was announced that many French organisations, including retailer Cultura, electronics and home appliances retailer Boulanger and media outlets, were all victims of a data breach carried out by threat actor ‘horrormar44’, who obtained names, physical addresses, email addresses and phone numbers. A sample of the data was shared on the BreachForums website, but it is not known if a ransom was demanded or paid by any of the victims.

In September 2024, high-end British retailer Harvey Nichols informed its customer base that data had been exposed in a cyber attack on September 16. Initial access inside the organisation has not been disclosed, but given the vast revenue and popularity of Harvey Nichols, it is often the subject of cyber criminal activity resulting in reputational, financial and legal implications.

In June 2024, Dallas, US-based luxury retailer Neiman Marcus disclosed a data breach impacting over 60,000 of its customers, caused by unauthorised access to personal information stored on its database platform as part of the widespread Snowflake software breach. The PII included names, email addresses, phone numbers and dates of birth. Threat actor ‘Sp1d3r’ is said to have advertised the stolen data on the dark web, indicating Neiman Marcus’s refusal to pay a ransom.

In March 2024, ILG, one of the world’s leading fashion and lifestyle accessories companies, encompassing an impressive portfolio of brands and clients, suffered a cyber attack carried out by the infamous ransomware group BlackBasta. The breach involved 1 TB of data including account records, company information, designs (R&D), and personal details. BlackBasta gave ILG a deadline before exposing them. However, few follow-up details on whether ILG paid the ransom have been made available.

In November 2023, Australian brand Honey Birdette was targeted by the 8Base ransomware group while promoting its savvy Cyber Monday deals for consumers. 8Base shared with its dark web community its intention to publish the allegedly stolen data, comprising sensitive documents including invoices, receipts, accounting records, employee contracts and other confidential information.

Sometimes hackers want sensitive data and personal information. For example, suppose you run a luxury vehicle fleet and regularly chauffeur celebrities to and from the airport, red carpet events, and other gatherings. There is the added risk that someone might try to hack into the company’s network to find out when and where a particular celebrity will be using your services. If the network is not secure enough to keep hackers out, encryption is the only thing that will ensure your data is useless.

Another example from 2013 involved a limousine and town car service being hacked. The data dump was found on a server with data from several other incidents. It appears to have been caused by a vulnerability in ColdFusion, a popular programming language at the time. In addition to credit cards, details about celebrities’ whereabouts and travels were included in the dump.

2025 Predictions:

Emergence of new ransomware groups – we have seen an increase this year, with affiliate groups working together, selling each other services and being bold in targeting.

Negotiating with victims – trying to offer decryptor for ransomware payment.

Being persistent – targeting C-suite to get ransom payment.

Ransomware - Vast amounts of customer data including credit card information, prime target for threat actors looking to steal and sell data on the dark web for profit. This can lead to loss of sales, disruption to operations and financial impacts of paying ransom demands.

Optimism – retailers investing in cyber security tooling but overwhelmed, too many tools, fatigue, more alignment with company goals and needs.

Alexandra Forsyth

LONDON FASHION WEEK SS25

London Fashion Week SS25 Sneak Peek!

Join the AFRG NETWORK for full exclusive insights!

Check out the June LFW blog and image gallery.

KEY HIGHLIGHTS

Bibiy

Pam Hogg ‘Of Gods and Monsters’

Hu Bing Selects / The Consistence

Paul Costelloe - Spring / Summer 2025

Noon By Noor - Spring / Summer 2025

Fashion Scout Presents BUERLANGMA SS25 Capsule

Ancuta Sarca - SS25 Presentation

London Fashion Week Schedule SS25

Dates: 12 - 17 September

Location: On Schedule and Citywide

Agenda: Emphasis on Womenswear

Designers and Brands: Gorgeous bridal collection by Dimitra Petsa’s Di Petsa label (check out LFW June for a sneak peek).

Marie Lueder’s LUEDER LFW catwalk debut via BFC’s NEWGEN scheme.

Seasonal best picks, incoming JW Anderson and Burberry.

New generation of talent including LVMH Prize WINNER Standing Ground, Fashion East, KNWLS and more!

Pre-London Fashion Week - Popup Event with Bibiy

First launched in 2019, Bibiy, home to reimagining scalability and versatility through outerwear has managed to successfully create contemporary ready-to-wear clothing and investment pieces from t-shirts with frills to sequin suits. The Japanese brand has big plans to expand in London, while still attracting a strong customer-base from China and Japan willing to travel overseas to pick up the latest pieces.

Thursday 12 September - Afternoon

Pam Hogg ‘Of Gods and Monsters’ Collection Presentation (1pm-4pm)

‘unconventional clothes for confident women’.

AFRG began London Fashion Week by heading to 1 Holywell Lane, Hackney, London to explore the Scottish world that is self-taught designer, pioneer, TEDX speaker and visionary Pam Hogg.

Considering AFRG is giving her own TEDX talk in October 2024, it seems fitting to explore more.

Thursday 12 September - Evening

Hu Bing Selects / The Consistence Catwalk Show

Diving into the NewGEN British Fashion Council (BFC) space hosting upcoming designers during London Fashion Week at 180 The Strand, London; actor, model and writer Hu Bing celebrates his 10th anniversary as the BFC LFW Ambassador for China, launching ‘Hu Bing Selects’, a new initiative and emerging platform for Chinese talent globally.

Friday 13 September - Morning / Afternoon

Paul Costelloe - Spring / Summer 2025 Runway

‘Le ciel est bleu’

Irish-American designer Paul Costelloe is one of the most established names in British and Irish fashion. Since the establishment of the fashion house under his own name, this family owned and run business has been a leader in the use of hand-crafted, luxurious fabrics combined with cutting edge design, innovation and creativity. Paul works with renowned technicians, suppliers and manufacturers to deliver collections of the highest quality, texture and comfort.

The runway show oozed with creativity, femininity, charm, elegance and electricity. The playlist was curated to fit each intersection of Paul’s collection, beautifully transitioning the models and audience together. The theme and storyline followed Parisians out and about strolling down Boulevard Saint-Germain and lunching on Rue Saint-Honore. Materials included Irish Linens, cotton, silk Jacquards presented through pastels, bridal dresses, tweed, and silk spreading youthfulness and fantasy.

Noon By Noor - Spring / Summer 2025 Collection Presentation

‘Ray of Light’

Founders and Designers Shaikha Noor Rashid Al Khalifa and Shaikha Haya Mohamed Al Khalifa of Noon By Noor showcased their Spring Summer 2025 collection, presented against the backdrop of the ethereal and enigmatic Somerset House, home to many of London’s finest artists.

 

The luxury womenswear designer brand, first established in 2008, has set the pace for serving its global customer base and audience over the last years.

Designs focused on light, and airy pieces, alongside elements of fun textures, subtle and creative colours blended well together, providing a visual experience for the audience. Overall, Linen tuxedos were paired with long skirts, and dresses worn over other garments and adjusted with a nonchalant twist.

Fashion Scout Presents BUERLANGMA SS25 Capsule Runway

BUERLANGMA the Beijing-born fashion house established by visionary designer QiqiYuan and Crystal Wang, and celebrated supermodel Yuan Bo Chao in 2020, enthralled audiences at London Fashion Week.

The brand’s name, "BUERLANGMA" carries significant symbolism “BUER” signifies uniqueness, while “LANGMA” derived from the Tibetan term for Mount Everest, symbolises the pinnacle of achievement within the fashion industry. A legacy this collection, hosted by Fashion Scout, continued to strengthen.

For SS25, BUERLANGMA has developed a collection divided into five distinct yet interconnected sections - Desire, Power, Degenerate Peace, and Vold - reflecting the brand's commentary on society through past, present, and future lenses.

Ancuta Sarca - SS25 Presentation

Renowned footwear brand Ancuta have been worn by familiar faces globally, hitting the ground running with its inventive, stylish, outlandish, desired and unforgettable designs; creating sneaker-heel hybrids that speak about juxtapositions of masculine and feminine, vintage and modern, sportswear and luxury.

From origins in Romania, to debuting the label at London Fashion Week SS20, Ancuta has been supported by groundbreaking visionary designer Fashion East. Sustainability is the word for Ancuta, utilising techniques such as restoration and repainting within the circular design. Supported by Nike in 2020, the brand breathed new life into old and worn Nike sneakers by recycling and transforming them into heels. 

Bonus section - sustainability is the word

Marfa Stance - In-Store Showcase

Wearability, longevity, sustainability, craftsmanship and storytelling are provided by renowned brand Marfa Stance, which continues to share its colourful, playful and electric designs in the fashion community! Interchangeable collars, vibrant patterns and sustainable materials fill the Marfa store in Notting Hill, London, while the brand also targets customers in New York and beyond! Founded in 2019 by Georgia Dant, who recognised a gap in the fashion market, the brand has since strived to build a multigenerational community at its heart, offering customers the agency to design their own individual Marfa Stance piece.

JCA - London Fashion Academy ‘MA Fashion Entrepreneurship In Design and Brand Innovation’ Sustainable Fashion Show

 

Following last year's groundbreaking success, the JCA London Fashion Academy announced the return of their highly acclaimed MA Sustainability Capsule for the academic year 24/25 - showcasing key designs at London Fashion Week. This curated programme pushes the boundaries of sustainable fashion, in partnership with the innovative Lone Design Club and others.

The full event review including five days worth of content is available for AFRG members.

FIVE FASHION TOP TIPS:

  • Accreditation and getting on the top PR lists.

    There is NO need to fake-it-till-you-make-it! All you need to do in order to prep for London Fashion Week is to understand how it all works. Part of the process for industry professionals, brands, bloggers, writers and so forth is to apply for accreditation, which allows on-schedule fashion designers to see your name and invite you to shows. The next thing you want to do is send out tailored and custom emails to each designers’ show you are interested in attending. Normally this goes through to the designated PR team, and therefore it is good to make connections and send thank you / follow-up emails after London Fashion Week to keep interest going throughout the year, and in the lead up to the next showcase (LFW takes place twice a year in February and September). One other way into the world of fashion is to volunteer backstage, again emailing specific designers and acknowledging why you are interested in helping their brand to achieve success.

  • Boost your social skills by networking.

    It is no secret that fashion is a relatively small industry once you’re on the inside. One thing I learnt is the person you talk to one day can introduce you to ten people the next, and a friend-of-a-friend knows someone else who happens to have crossed paths with so and so. Before you know it, networking is your key to really boosting interactions, connecting with others in the same space and branching out of your comfort zone. People working in fashion are super friendly, and when I attended London Fashion Week in September solo, I spoke with a lot of different people during my five-day travels. Everyone has a story to share, and is willing to do so if you give them a chance.

  • Walking can be tough, choose your footwear wisely.

    While many have suggested easy footwear is your guide to a stress-free fashion week, I did not take this advice on my first day, opting for five-inch chunky black knee-high boots; and while they were an absolute knock out, after 6 hours walking and traveling around London to attend shows I settled for a comfy pair of kitten heels to finish off my evening. Sensible shoes are not for everyone, myself included as I much prefer fashion over simplicity. Make your choices wisely and decide how daring you wish to be.

  • A portable smartphone charger is needed.

    I unfortunately did not have a portable charging pack to hand, and after countless photos and videos luckily had my wired charger which I rushed to a classic ‘Joe and the Juice’ coffee bar and plugged in. This is less than ideal, as I had to wait a good half an hour before I could set off on my next venture, however it provided a buffer to grab a drink, quick snack and prepare myself for the following shows. If possible, I would recommend taking a portable charger with you to avoid the sheer panic of trying to find a coffee shop that will allow you to charge your phone.

  • Preparation is key.

    I for one am a sucker for a good planner, and often write down my to do list way ahead of time. While this is not totally essential for fashion week, I would recommend researching to understand runtime, dates and locations of shows you’re attending. I very much overbooked myself each day, and ended up missing a few shows due to just not having enough time in-between to get from one part of London to the next. It is important to decide which shows are of utmost importance, which you must attend, and which you are gathering content for.

Alexandra Forsyth

MALWARE IMPACTS FOR RETAIL AND FASHION BRANDS

Dive into the world of malware, and how, when used in cyber attacks against retail and fashion organisations, it can cause severe financial and reputational impacts.

Infostealer malware is created to persist and collect sensitive data from infected devices including personal details, financial information, and login credentials. Infostealer malware can be deployed through malicious attachments and phishing emails, or through fake mobile applications and fake ads on legitimate sites or platforms.

In retail, infostealer campaigns can mimic retail and fashion brands through name and branding modifications to appear legitimate (similar to phishing), along with creating fake social media accounts to bolster their authenticity. The main webpages offer downloads that, once installed, infect devices. Login credentials remain extremely valuable to threat actors, even more so if they pertain to third-party software-as-a-service applications, including Salesforce or Microsoft Office 365, allowing for lateral movement in systems. Logs listed for sale on dark web marketplaces will include browser cookies, stored passwords from browsers, and website login information.

Infostealers can bypass defences including weak multi-factor authentication and anti-virus software, remaining undetected on compromised devices long enough to collect the data required for financial gain. This is why ransomware groups use infostealers.

Data from several high-profile data breaches, including those of Ticketmaster, LendingTree, and Santander, appeared for sale on the dark web starting in May 2024. These allegedly stemmed from all victims being customers of the same company, US-based cloud computing provider Snowflake, whose users with single-factor authentication were targeted by threat actors using credentials stolen by infostealer malware or in previous data breaches.

Infostealers can be downloaded onto victim machines, resulting in the theft of usernames, passwords, session cookies, search history and financial data. Some of the top cyber criminal groups leveraging infostealers include APT29, Lapsus$ and Scattered Spider.

Days after CrowdStrike announced it had accidentally issued a faulty software update to its Falcon customers, resulting in global outages for Windows users, hackers began distributing a new infostealer dubbed ‘Daolpu’ via a fake recovery manual to those impacted across multiple industries including retail, food and beverage, fashion and consumer goods. The campaign leveraged phishing as its primary attack vector, with a Word document attached instructing recipients to use the ‘new recovery tool that fixes Windows devices’.

Macros contained inside the document, when enabled, downloaded a base64-encoded DLL file from an external resource and dropped it to '%TMP%\mscorsvc.dll'. The macros then used Windows certutil to decode the base64-encoded DLL, which was executed to launch the Daolpu stealer on the compromised devices.

The infostealer then harvested credentials, browser history and authentication cookies stored in Chrome, Edge and other popular web browsers.
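One way to hunt for the macro chain described above is to look for certutil decoding a file into an executable in a temp folder with an Office application somewhere up the process tree. The following is an added example, not code from the original article or from any vendor; the event field names, the sample paths (apart from mscorsvc.dll) and the scoring are assumptions, and the events are constructed.

```python
"""Flag certutil base64 decodes that drop an executable, scored by context."""
import ntpath
import re

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXECUTABLE_EXTS = {".dll", ".exe", ".scr", ".cpl"}
TEMP_MARKERS = ("%tmp%", "%temp%", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
SEVERITY = ("info", "low", "medium", "high")  # indexed by number of matched signals

# Constructed process-creation events; field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\user1\Downloads\example_manual.docm"'},
    {"pid": 4200, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c certutil -decode %TMP%\example.b64 %TMP%\mscorsvc.dll"},
    {"pid": 4300, "ppid": 4200, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -decode C:\Users\user1\AppData\Local\Temp\example.b64 "
                r"C:\Users\user1\AppData\Local\Temp\mscorsvc.dll"},
    # Routine PKI work: decoding a certificate outside any temp folder.
    {"pid": 5000, "ppid": 4999, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r'certutil.exe -f -decode "C:\PKI\requests\web01.b64" "C:\PKI\requests\web01.cer"'},
    # No Office ancestor, but an executable decoded into a temp folder.
    {"pid": 6100, "ppid": 6000, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil /decode C:\Windows\Temp\a.txt C:\Windows\Temp\a.exe"},
]


def parse_certutil_decode(cmdline):
    """Return (input_file, output_file) for a certutil decode, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    args = tokens[1:]  # drop the executable name
    if not any(a.lower() in ("-decode", "/decode") for a in args):
        return None
    positional = [a for a in args if not a.startswith(("-", "/"))]
    if len(positional) < 2:
        return None
    return positional[0], positional[1]


def ancestor_images(event, by_pid, max_depth=8):
    """Walk parent links and return lower-cased image names, nearest first.

    PID reuse is ignored here; real telemetry should key on a process GUID.
    """
    names, seen = [], {event["pid"]}
    current = by_pid.get(event["ppid"])
    while current and current["pid"] not in seen and len(names) < max_depth:
        names.append(ntpath.basename(current["image"]).lower())
        seen.add(current["pid"])
        current = by_pid.get(current["ppid"])
    return names


def detect(events):
    """Return one finding per certutil decode, with the signals that matched."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        # Matching on image name misses renamed copies of certutil.
        if ntpath.basename(e["image"]).lower() != "certutil.exe":
            continue
        parsed = parse_certutil_decode(e["cmdline"])
        if parsed is None:
            continue
        outfile = parsed[1]
        out_l = outfile.lower()
        reasons = []
        if ntpath.splitext(out_l)[1] in EXECUTABLE_EXTS:
            reasons.append("decoded output is an executable type")
        if any(marker in out_l for marker in TEMP_MARKERS):
            reasons.append("decoded output lands in a temp directory")
        office = [n for n in ancestor_images(e, by_pid) if n in OFFICE_IMAGES]
        if office:
            reasons.append("process chain starts at " + office[-1])
        findings.append({"pid": e["pid"], "outfile": outfile,
                         "severity": SEVERITY[len(reasons)], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding["severity"], finding["pid"], finding["outfile"], finding["reasons"])
```

The PKI administrator's certificate decode is still recorded, at "info", so the rule can be tuned without losing visibility of certutil use.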

***Microsoft has released a custom recovery tool for those impacted.

Key Malware

  • Lumma - TA547 is a financially motivated cyber criminal threat actor considered to be an initial access broker (IAB), known for targeting geographic regions and for delivering NetSupport RAT and payloads including StealC and Lumma Stealer.

  • Rhadamanthys - threat actors leverage AI to generate malware to spread the Rhadamanthys infostealer. The script and accompanying Rhadamanthys payload were found to be part of a malicious phishing email campaign targeting businesses, including popular German retailer METRO, through fake invoices.

  • Raccoon - modular C/C++ binary designed to infect Windows-based systems, and known to target browser autofill passwords, history, and cookies, credit cards, usernames, passwords, cryptocurrency wallets, and other sensitive data.

***Dark web marketplaces including Genesis and Russian Market are renowned for organising infostealer logs to allow quicker search times by cyber criminals looking to target specific organisations and industries for financial gain.

Key Threat Actor TTPs: FlashPoint - MITRE

  • Valid Accounts (T1078): Obtained through information stealer logs, either in Telegram channels, subscription services, or venues like Russian Market.

  • Command and Scripting Interpreter (T1059): Executes commands to deploy the malware.

  • Obfuscated Files or Information (T1027): Avoids detection through obfuscation techniques.

  • Credentials from Password Stores (T1555): The information-stealing malware extracts passwords from stores.

  • Query Registry (T1012): The information-stealing malware gathers additional system and user information. 

  • Data from Information Repositories (T1213): The attacker collects data from various information repositories. 

  • Exfiltration Over Web Service (T1567): The data is exfiltrated to an external web server controlled by the attacker.

  • Data Encrypted for Impact (T1486): The exfiltrated data is encrypted or compressed before exfiltration.

Malicious social media ads give rise to infostealers

In July 2024, security researchers released a new report on a ‘Malvertising Epidemic’ on social media platform Facebook, describing how threat actors were leveraging the platform to deploy infostealer malware to obtain crypto wallets and passwords, alongside credentials to control legitimate accounts and further spread malware.

Campaigns to deploy infostealers through social media begin with creating fake advertisements pertaining to real-world issues, such as celebrity culture, sports, money-off promotional deals and so forth. The idea is to entice users into clicking on the ‘download’ link attached to the advertisement, inadvertently starting a chain of infection.

After clicking ‘download’, users are redirected to a webpage hosted on a legitimate platform such as Google Sites; however, clicking on the link first triggers a redirection process leading to a malware repository specifically set up by the threat actors. Similar campaigns also take place on LinkedIn, Instagram and other popular social media platforms.

Ducktail malware - used specifically against fashion brands. Ducktail first emerged a little over 12 months ago, spreading on social media platform Facebook and targeting business account users through spear-phishing emails. Threat actors specifically wanted to obtain admin privileges on Meta’s business service, and conducted prior research to scope out users before launching a full-scale cyber attack.

Retail and fashion brands were impacted because the malware was being hosted on public cloud file storage services and delivered as an archive file alongside popular images, text, and video files pretending to promote brands and product marketing.

From here, the malware was able to steal browser cookies and take advantage of authenticated Facebook sessions to steal the information needed from victims and access their accounts.

Ducktail campaigns also involve going after job seekers on social media platforms such as Facebook, trying to exploit users by impersonating offerings from global brands such as L’Oréal, Fendi and Prada and retailers Gap, Mango, Macy’s and Uniqlo.

Mitigations for retailers and fashion brands:

  • Employ phishing awareness training and ensure employees know they can use the ‘Report Phishing’ option in Outlook.

  • Endpoint security solutions such as network segmentation and firewalls.

  • Monitor access control: only accept logins from trusted locations and specific IP ranges, and educate employees about logging out of online sessions, clearing browser cookies and not saving entries.

  • Transparency and communication are needed across the retail and fashion value chain, thinking about third-parties and contractors, ensuring security standards are met through regular auditing and compliance checks.

  • Monitor illicit marketplaces on the dark web for leaked credentials and stolen logs, alongside public facing platforms including Telegram and log shops.
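The access-control mitigation above can be checked in session logs: logins are compared against trusted IP ranges, and a session cookie that turns up on a second client is treated as a sign it was stolen, since a replayed cookie skips the login and any MFA prompt. This is an added example, not code from the original article; the log fields, rule names and addresses (documentation ranges) are constructed assumptions.

```python
"""Check sessions against trusted IP ranges and spot a session cookie reused by another client."""
import ipaddress

# Constructed allow-list built from documentation address ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Constructed authentication/session log; field names are assumptions for this example.
SAMPLE_LOG = [
    {"user": "alice", "session": "sess-a", "action": "login",
     "ip": "203.0.113.10", "ua": "Edge/126 Windows"},
    {"user": "alice", "session": "sess-a", "action": "request",
     "ip": "203.0.113.10", "ua": "Edge/126 Windows"},
    # Same browser moving from the office range to the VPN range: tolerated.
    {"user": "alice", "session": "sess-a", "action": "request",
     "ip": "198.51.100.5", "ua": "Edge/126 Windows"},
    # Same session cookie, different client and an untrusted address.
    {"user": "alice", "session": "sess-a", "action": "request",
     "ip": "192.0.2.77", "ua": "Chrome/125 Linux"},
    {"user": "bob", "session": "sess-b", "action": "login",
     "ip": "192.0.2.200", "ua": "Safari/17 macOS"},
    {"user": "bob", "session": "sess-b", "action": "request",
     "ip": "192.0.2.200", "ua": "Safari/17 macOS"},
]


def is_trusted(ip, networks=TRUSTED_NETWORKS):
    """True when the address parses and falls inside an allow-listed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed source address is never trusted
    return any(addr in net for net in networks)


def analyse(events):
    """Return (session, rule, ip) tuples in log order."""
    baseline = {}  # session id -> (ip, user agent) seen first for that session
    findings = []
    for ev in events:
        sid, ip, ua = ev["session"], ev["ip"], ev["ua"]
        trusted = is_trusted(ip)
        if ev["action"] == "login" and not trusted:
            findings.append((sid, "login_outside_trusted_range", ip))
        if sid not in baseline:
            baseline[sid] = (ip, ua)
            continue
        first_ip, first_ua = baseline[sid]
        # A changed user agent, or a move to an untrusted address, means the
        # cookie is now in use by a client other than the one that logged in.
        if ua != first_ua or (ip != first_ip and not trusted):
            findings.append((sid, "session_reused_from_new_client", ip))
    return findings


def sessions_to_revoke(findings):
    """Sessions whose cookie appears to be replayed and should be invalidated."""
    return sorted({sid for sid, rule, _ in findings
                   if rule == "session_reused_from_new_client"})


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for row in results:
        print(row)
    print("revoke:", sessions_to_revoke(results))
```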

Mitigations for customers:

  • Passwords - keep them private, as sharing them can put your data, identity and devices at risk. Children may find it tempting to share passwords with their friends, but this is not cyber secure.

  • Software updates - Antivirus can be downloaded onto devices. 

  • Download and use a VPN to hide your IP address and physical location (Google Play Store and Apple Store have free versions including some features on NordVPN).

  • MFA is when you use two or more proofs of identity to log in. For example, using your login details as well as an authentication code. Additional forms of MFA include a PIN, secret question, fingerprint, biometrics (also helps protect against deepfakes/AI), an authenticator app (Microsoft’s is downloadable from Google Play Store and Apple Store), and SMS notification.

  • Log out of sessions online, and clear browser cookies, not saving entries, to avoid being at risk of credentials being stolen through malware deployment.

Alexandra Forsyth

THE AI EFFECT

The AI effect on consumers and brands. Artificial Intelligence has been around for decades, but over the last few years we have seen dramatic increases in its usage by retail and fashion brands. Get ready to explore the mind-bending world of technology!

DISCLAIMER

The following research has been appropriately collated and sourced, with references provided throughout, while general opinions are considered ownership of the author.

The AI Effect Timeline of Events So Far:

November 2022

Global fast fashion brands H&M, Zara and so forth began optimising with AI tools, such as chatbot services to handle purchase requests, smart warehouses for inventory and autonomous vehicles for shipping. 

December 2022

Leading US retailer Walmart reached its peak Black Friday season with AI supply chain solutions for inventory management through predictive analytics and trend patterns, minimising wastage and out-of-stock items to beat customer demand.

March 2023

Retailers began to take advantage of OpenAI’s ChatGPT natural language model, with Shopify, Instacart and Snapchat being some of the first adopters of its API and plugin integration.

June 2023

Leading French grocer Carrefour announced three tech solutions through its chatbot service ‘Hopla’: advice robot for shopping, description sheets for brand products, and purchasing support.

January 2024

AI-powered robots are gaining popularity in the UK, and Europe. 1MRobotics unveiled its autonomous storefront for pick and packing in January 2024, accompanied by courier delivery and BOPIS (Buy Online Pick In-Store).

January 2024

Walmart and Amazon both revealed AI will assist and enhance customer functionalities including product discovery, size charts and general improvement of offerings both in-store and online.

January 2024

NVIDIA suggests loss prevention can be implemented through AI solutions to combat theft and shoplifting; body cameras and security RFID tech enable monitoring.

March 2024

US-based digitally driven mobile app and community platform ‘DressX’, unveiled its generative AI tool in March, available exclusively on Discord. Using easy prompts, and the ability to browse privately, DressX has been shaping the digital fashion landscape, helping to visualise designs before purchasing by projecting designs onto images uploaded by customers.

July 2024

UK-based fast-fashion powerhouse SheerLuxe introduced its brand new AI-powered influencer ‘Reem’ to its users. The brand described Reem as a fashion and lifestyle editor providing recommendations and new products to try. However, customers were not impressed, divulging how SheerLuxe is ‘depriving human journalists of a job’. SheerLuxe debunked these claims, stating Reem is part of the company experimenting with AI technology, trialling innovative ways to stay ahead of the curve.

Assessing the AI cyber crime ecosystem:

In August 2024, software company IBM released its annual ‘Cost of a Data Breach Report’, detailing how the retail industry globally is facing average costs to remediate data breaches of up to USD$3.48M (GBP£2.74M), an increase of 18% in 2024 compared to 2023. However, these figures remain the lowest when considering the global average across various industries, which exceeds GBP£4M. The top five regions with the highest rate of data breaches included the US, Middle East, Germany, Italy and Benelux, while Canada and Japan experienced a reduction in costs.

Alarmingly, the report discovered one-third of retailers are now using AI to automate tasks, an increase from 25% in 2023.

While organisations rush to secure their assets through AI, an estimated 24% of AI models themselves are not secure. Security vulnerabilities are said to be the biggest concern, with cyber criminals threatening to take advantage of Large Language Models (a.k.a. LLMs) in an effort to obtain sensitive company and personal data inputted by employees. Likewise, Generative AI is playing a role in enhancing phishing attacks by allowing non-English speakers to produce grammatically correct and coherent phishing messages.

Coinciding with this, there is a general lack of cyber security training amongst employees, with the skills gap increasing year-on-year, totalling around 3.5M unfilled jobs by 2025.


By design phishing is a type of social engineering scheme, whereby a threat actor will craft an email, or SMS message (a.k.a. smishing) to steal sensitive data from its targets. Going a step further, the email content can be specifically pertaining to a target individual or organisation (a.k.a. spear phishing) in order to extract specific company details, financial records, or funds transferred to the attacker-controlled environment. This information can then be used in future campaigns possibly against clients and customers.

Within the phishing email, a redirect URL link to a login page/website or PDF document will be attached, and once clicked will ask for credentials, or directly download malware onto the target device, infecting the machine and allowing the threat actor a way into the organisation. The impact for individuals could be loss of credentials (username and password), and financial data (credit card information). For organisations impacted, loss of customer/client trust, alongside confidential documents and records will result in reputational harm.

RECOMMENDATIONS

If you open a phishing email and click on any links attached while using a corporate device, report it to your organisation straight away, including through the 'report phishing' button for Outlook users. Alternatively, blocking the sender, visiting the legitimate site for confirmation, reporting to Action Fraud if accessing through a personal account, and setting up an email gateway to filter emails before they reach your inbox can help.

Recently, Apple's AI, Apple Intelligence, has been marking emails as a priority. Apple released its intelligence strategy, which involves saving users time by alerting them about which emails should take priority, including those suspected to be phishing. The potential drawback is that pushing too many phishing emails to users may cause accidental clicking on links or downloading of malicious content by mistake, especially without proper cyber security awareness training in place. Apple Intelligence is still in beta form, and therefore teething issues can be addressed in the future.


Deepfakes

Under the EU AI Act, deployers who use AI systems to create deep fakes are required to clearly disclose that the content has been artificially created or manipulated by labelling the AI output as such and disclosing its artificial origin.

In February 2024, one of the first deepfake virtual fraud scams on a large scale took place against a financial services company, impersonating the chief financial officer (CFO) to dupe an employee into transferring large funds into the attacker-controlled environment.

The scheme was well played, with the threat actor recreating an entirely manufactured Teams conference call, to make it appear as if the employee was in a regular call with their colleagues. While there was some initial hesitation after receiving a random message from the CFO, believing it to be a possible phishing attempt, the employee was reassured after seeing his alleged colleagues virtually, resulting in GBP£25.6M being transferred.

In the retail and fashion industries, facial recognition is used to protect user accounts from account takeover. Brute force is a type of attack vector which can compromise credentials by identifying a person’s username and password to gain access at login. However, authentication methods such as multi-factor authentication (MFA) and facial recognition can help stop unwanted access.

Deepfake phishing, similar to the CFO fraud case, is one other type of attack vector that uses social engineering to manipulate victims into revealing sensitive information. The objective is to bypass security controls, and gain information to further future campaigns (client and partner data can help carry out supply chain compromise), or have an immediate impact through financial gain.

In January 2023, Italian clothing brand Cap_able made a bold move and created a collection called "Manifesto" which it designed to evade AI facial recognition detection through making it believe the person wearing the clothes is an animal. The pieces were tested using a system called YOLO, and patterns merged through the Computerised Knitwear Machine.

In March 2024, China-based fast fashion brand Temu came under scrutiny for a prize giveaway seen as overstepping, in which the powerhouse offered a GBP£50 reward to new customers in exchange for permanent access to their data including voice and biographical information. Although no strings were attached, besides customers completely losing the privacy of their data, questions were raised as to whether, if the data were compromised, this could give rise to the creation of deepfakes for malicious purposes.

Social Media Marketing Gone Wrong:

Just as we see in social engineering scams, with threat actors impersonating real people to gain trust with victims and eventually steal from them financially, we’re now seeing cases of ‘AI voice cloning’ via social media platforms, opting to use a popular account from a well-known person to profit from victims.

Those familiar with social media will have come to realise how platforms such as Instagram and Facebook switched up their viewing strategies, replacing the old algorithm with a domino effect “discovery-engine,” allowing users to come into contact with posts not on their explore page or previously searched for, in a bid to replicate TikTok’s “For You” page. This shift has been prevalent between 2023 and 2024, set to keep pace for the rest of this year, unless a new glitch hits users and turns all apps upside down again. Likewise, it is suggested that smaller businesses and lower-viewed accounts will have further opportunities to get featured, as Instagram in particular pushes this content over high-profile accounts.

What does all of this have to do with the threats facing AI?

Due to the algorithm changes, more AI-generated content is being pushed to unknowing users, causing a mesh of information making it harder to distinguish real from manipulated data. For example, AI-powered deepfakes are thriving through fake ads, within retail and fashion used to promote beauty and skincare products, and pose as influencers during altered shopping promotional videos.

The rise of ‘GPT’ Variants:

FleeceGPT –

In May 2023, Sophos released a report titled ‘FleeceGPT mobile apps target AI-curious to rake in cash’ detailing how users were being tricked into downloading malicious apps from stores such as Android’s Google Play Store and iTunes App Store through malicious pop-up advertisements, with in-app functionality reduced shortly after installing and subscription costs required.

Black Hat AI Tool Discovery –

In July 2023, discussions on the dark web shifted to incorporate AI variants WormGPT and FraudGPT. WormGPT is based on the GPT-6B open-source pre-trained transformer model and is able to generate malicious Python scripts, while offering a range of services through its domain.

XXXGPT –

In August 2023, security researchers identified hacktivist groups discussing blackhat AI tools known as XXXGPT and WolfGPT on a hacker forum on the dark web. WolfGPT is a Python-built alternative to ChatGPT that offers advanced phishing attacks and confidentiality to users, while XXXGPT provides code for botnets, point-of-sale systems, ATMs (goal = cash removal), infostealers, RATs, and malware.

Combatting AI challenges with Legislation:

EU AI Act

The AI Act is a European Union regulation establishing a common regulatory and legal framework for AI within the European Union. It will come into force on 1 August 2024, and impact high-risk AI systems which make use of techniques involving the training of models with data. Organisations using these AI systems will be expected to validate training and testing data sets to meet the new quality criteria.

If organisations do not comply with the set regulations, there will be penalties associated. The maximum penalty for non-compliance with the EU AI Act's rules on prohibited uses of AI is the higher of an administrative fine of up to EUR€35M or 7 percent of worldwide annual turnover (Art. 99(3) EU AI Act). Penalties for breaches of certain other provisions will be subject to a maximum fine of GBP£15M or 3 percent of worldwide annual turnover, whichever is higher. The maximum penalty for the provision of incorrect, incomplete, or misleading information to notified bodies or national competent authorities is GBP£7.5M or 1 percent of worldwide annual turnover. For SMEs and start-ups, the fines for all the above are subject to the same maximum percentages or amounts, but whichever is lower (Art. 99(6) EU AI Act).

EU Digital Services Act

This EU Regulation aims to provide a safer experience for everyone within the online ecosystem by urging digital services operating in the EU to improve transparency and accountability. The DSA targets online platforms, search engines, hosting services and intermediary services offering network infrastructure, combating the sale of illegal content, goods and services.

Alexandra Forsyth

BACK-TO-SCHOOL TRENDS / 24

Explore back-to-school trends for retail brands, including expected cyber crime activity and cyber security recommendations.

DISCLAIMER

The following research has been appropriately collated and sourced, with references provided throughout, while general opinions are considered ownership of the author.

Assessing the Current Landscape

The current rate of inflation is 2% in the UK, while Office for National Statistics figures show core inflation excluding food, energy, alcoholic drinks and tobacco remains unchanged at 3.5%. Inflation in the services sector also remains steady at 5.7%. In the United States (US), the annual inflation rate currently stands at 3%, but showed more decline between the months of May and June.

Today, brands are switching up their objectives in line with Gen Alpha and Gen Z culture, social issues and economic impacts pertaining to back-to-school.

As we witnessed in 2023, consumers have begun decisively shopping earlier in the year to grab seasonal sales ahead of back-to-school. As part of its 2024 Global Holiday Season Consumer Behaviour Report, Bazaarvoice predicts, based on 2,000 UK consumers out of 8,000 globally, that the hustle and bustle is set to really make haste during July.

Let’s not forget about Amazon Prime Day which kicked off between 16-17 July. The two-day spectacle included mega deals on electronics, through to clothing and homeware. This year, Amazon offered up to 75% off a selection of branded headphones, alongside low prices on toothbrushes, mobile phones, Amazon Music membership and more!

In line with back-to-school trends, consumers are likely to purchase holiday season gifts to avoid wait times and added expenses during the winter months.

Ecommerce will be utilised by consumers, with shopping online among the favoured ways of purchasing products, while social media, including TikTok Shop/Marketplace and Instagram, will be considered by younger generations.

Check out AFRG cyber security training material recommendations

2023 Summary

According to the National Retail Federation (NRF), ‘Retail Holiday and Seasonal Trends’ report, in 2023, consumers showed signs of resilience during the cost-of-living crisis, impacting society’s economic outlook. For back-to-school and back-to-college, NRF emphasised record spending, as part of a larger survey of 8,000 consumers and products involving K-12 through to college students.

On average there was a strong increase in electronic items bought since 2022, linking to digitisation, alongside furnishing, clothing and accessories. 43 percent of shoppers agreed they needed more of these items, with a third suggesting they spend more because of price hikes and effects from the COVID-19 pandemic. Coinciding with this, there was a general increase in electronic use, such as smartphones, laptops, iPads, and tablets for easier integration with how students learn by means of ‘zoom classrooms’, submitting assignments through learning portals online, and general pressures to have the latest technology when interacting with friends.

Blending in-person and virtual learning through technology became a back-to-school essential in 2023. Laptops, tablets, and digital tools took centre stage as students navigated the complexities of modern education. For example, e-books and eLearning within online interactive platforms caused rising demand for these “tech-savvy gadgets”.

 

In total, NRF predicted back-to-school trends would reach USD$41.5B (GBP£32B) in 2023, up from USD$36.9B (GBP£29B) in 2022. Discounts and promotions remained prevalent this year, with many consumers shopping around and considering options such as trading down, reselling items, thrifting and only buying essential items.

2024 Clothing trends

Retail calendars will no longer be as effective, with students, parents and children wanting to shop for their back-to-school essentials when they decide to. In August 2023, 60% of K-12 parents reported making footwear purchases “close to the start of school,” according to Circana.

Because promotional activity no longer aligns solely with seasonal trading, underpinned by sales taking place throughout the year, its impact will continue to decline. Instead, one could argue the ‘influencer effect’ on social media platforms such as Instagram and TikTok will be the main driver for younger generations to shop for their back-to-school pieces.

TikTok has released its annual back-to-school trends report, detailing how the platform will be prioritising content for ultimate visibility (#BackToSchool). Children have officially broken up for their six-week holidays; however, while some may take this time to relax, TikTok shares its guide to creating impactful campaigns. By August, TikTok predicts 37% of users will be shopping for back-to-school, marking this time as crucial for content creators and influencers to push products (top categories include clothing, accessories, food, personal care, technology and beauty). Overall, 1 in 7 internet users will purchase or subscribe to a retailer because of seeing it through TikTok discovery within 30 days, and 68% will likely visit TikTok with the same intentions.

This does not just apply to children; parents will prioritise shopping on TikTok for school supplies, app subscriptions and clothing as well. A recent survey by consulting company Deloitte shared that parents will spend USD$11 more (GBP£8.5) than 2023, averaging USD$586 (GBP£453) per child in 2024. Alongside this, children are being enrolled into after school activities at a higher rate than 2023, meaning in 2024 retailers should take advantage of extra spending by parents on non-essential items by revamping the customer journey and making the shopping experience pleasing.

2024 and Cyber Security

Education and retail are two of the top industries consistently witnessing a rise in cyber attacks and cyber security threats in recent years, underpinned by ransomware, data breaches and supply chain compromise. Security researchers believe this ties in with heavy reliance on IT infrastructure for daily operations – similar to other industries globally.

A shift to online learning and remote working during the pandemic led children and young students to attend classes through online platforms such as Zoom and Microsoft Teams, potentially increasing prevalence of access points for threat actors seeking to steal personally identifiable information (PII) including medical records, email addresses, and payment data.

The National Cyber Security Centre (NCSC) recently reviewed its shopping and paying safely report, offering guidance for browsing online: make sure the website is legitimate by checking the URL domain, limit information shared at checkout by only entering what is required, and report phishing to report@phishing.gov.uk.

Because TikTok and Instagram will be top platforms influencing children (under the age of 14 being the biggest targets), students and parents ahead of and during back-to-school purchasing, it is important to identify scams. The top types of activity preying on victims will include fake giveaways (mystery box prizes and fake promotions) offering extreme amounts of money off, bot accounts and synthetic identities (creating false personas, possibly mimicking influencers through duplicate accounts with a blue tick to seem authentic). Where more than one account shares the same name, bio, images and products, it is important to search for comments within the community proving which account is legitimate through buyer/seller ratings, and to search outside of the main platform on other social media sites for confirmation.

Mystery Box Example:

In March 2024, Action Fraud received over 7,000 reports of fake emails impersonating well-known retail brands, with claims of giving away a ‘mystery box’ full of free prizes. Within the emails, an address and phone number can be used to make contact, however users are urged to go directly to the legitimate website and communicate with customer support.   

Amazon was targeted by a ‘mystery box scam’ in February 2024, luring unsuspecting customers through email and social media platforms such as Facebook, Instagram and TikTok. Video ads promoting boxes filled with high-price products for low costs created willingness from users to click on the link included in the video caption, redirecting to a fake website using Amazon’s logo, web design and stock images to lure them into entering details at checkout.

Malicious Websites:

In June 2024, security researchers identified the emergence of more than 1,200 new domains associated with Amazon, 85% of them suspected to be malicious. If you’re shopping online this year, avoid clicking directly on links received through email or SMS message. Instead, you can hover over the link to see where it takes you, or simply go straight to the legitimate site via Google search.
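The "see where the link takes you" check can be automated. The sketch below is an added example, not part of the original article: it classifies a link by its real destination host, and the allowlist, the swap table, the function names and the sample links (on reserved `.example` names) are all assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption for this example: the retailer's real sites. In practice the
# allowlist comes from the brand's own domain inventory.
OFFICIAL_DOMAINS = {"amazon.com", "amazon.co.uk"}
BRAND = "amazon"

# Character swaps commonly used to make a different name read like the brand.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def display_host(host):
    """Return the hostname as a browser may display it (punycode decoded)."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def skeleton(text):
    """Reduce text to a comparison form: no accents, no hyphens, swaps undone."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    plain = plain.replace("-", "")
    for fake, real in SWAPS:
        plain = plain.replace(fake, real)
    return plain


def is_official(host):
    """True only for an official domain or a subdomain of one (label boundary)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def inspect_link(url):
    """Classify a link's real destination: official, lookalike, unrelated, no-host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "no-host", ["URL could not be parsed"]
    if not host:
        return "no-host", ["URL has no hostname"]
    if is_official(host):
        return "official", []
    reasons = []
    # "https://brand.com@other.example/" goes to other.example, not brand.com.
    if parts.username and BRAND in skeleton(parts.username):
        reasons.append("brand text sits before '@'; the real host is " + host)
    shown = display_host(host)
    if BRAND in skeleton(shown):
        note = " (punycode for " + shown + ")" if shown != host else ""
        reasons.append("brand name in non-official host " + host + note)
    return ("lookalike" if reasons else "unrelated"), reasons


# Constructed sample links; none of them is taken from a real campaign.
SAMPLE_LINKS = [
    "https://www.amazon.co.uk/gp/help",
    "https://amazon.com.prize-claim.example/box",
    "https://www.amazon.com@mystery-box.example/win",
    "http://amaz0n-giveaway.example/",
    "https://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, why = inspect_link(link)
        print(verdict.ljust(10), link, "; ".join(why))
```

A "lookalike" verdict means the link borrows the brand name while pointing somewhere the brand does not control; "unrelated" says nothing about whether the site is safe.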

Student Tax Scams:

For students starting university, this can be an exciting time to invest in your future. However, scammers prey on young and naive individuals, with phone calls, SMS messages and emails impersonating organisations such as HMRC to discuss unpaid student tax, asking for immediate wire transfer of funds. This also applies to any students receiving scholarship and bursary funds to help with tuition and living expenses: scammers may try to manipulate the process by creating bogus applications asking for personal details and administrative costs.

Audience-Specific Recommendations:

Actions for Parents and Children:

The UK government has introduced free training resources, first published online in August 2023 as students prepare to head back-to-school in September, encouraging cyber skills learning and aspirations among children.

Passwords - these are private, and sharing them can put your data, identity and devices at risk. Children may find it tempting to share passwords with their friends, but this is not cyber secure.

Advise and help your children to:

Set secure passwords using a password manager or a passphrase, and not share or reuse passwords or passphrases.

Cyber Essentials and CyberFirst - government websites can teach parents, teachers and education organisations how to stay protected.

Report scam activity to Action Fraud.

Software updates - Antivirus can be downloaded onto devices. 

Download and use a VPN to hide your IP address and physical location (the Google Play Store and Apple Store have free versions, including some features on NordVPN).

CyberSprinters is an educational game for 7–11 year olds by the UK's National Cyber Security Centre. 

MFA is when you use two or more proofs of identity to log in. For example, using your login details as well as an authentication code. Additional forms of MFA include a PIN, a secret question, a fingerprint or other biometrics (which also help protect against deepfakes/AI), an authenticator app (Microsoft's is downloadable from the Google Play Store and Apple Store), and SMS notification.

Actions for Schools, Higher Education and Institutions:

In the UK, CyberFirst Schools & Colleges is an initiative set up by the NCSC and GCHQ, delivered by IN4 Group in the Northwest, to encourage a diverse range of young people in their pursuit of a cyber career. CyberFirst also hosts bursary schemes to support undergraduates through university, degree apprenticeship opportunities, and girls-only competitions.

AFRG CLUB will soon be joining CyberFirst as an ‘Industry Member’, ready to collaborate with the education sector to help younger generations have a seat at the table, alongside sharing knowledge with industry professionals and members of the public.

Overall, K-12 through to higher education and university institutions must ensure that employees, faculty, visitors attending in-person activities, and students learning on campus and within online environments are well versed in cyber risks and have access to the appropriate resources. Sharing tools, building a community, and remaining curious in the field of cyber is our best chance at keeping protected against the symptoms of modern life – technology has grown more free-spirited over time, and it’s up to us to stay updated.

Actions for Industry Professionals (IT, Cyber Security Analysts), Third-Party Organisations and Government

Stay Safe Online: Top Tips for Staff is a free 30-minute training course introduced by the National Cyber Security Centre, aimed at small and medium-sized organisations, charities and the voluntary sector.

  1. Update and install the latest patches on vulnerable / outdated software systems,

  2. Employ phishing awareness training and ensure employees know they can use the ‘Report Phishing’ option in Outlook,

  3. Endpoint security solutions such as network segmentation and firewalls,

  4. Backup data using the 3-2-1 rule (a.k.a. two copies stored online, and one copy of data in an offline environment).

Microsoft has released its top tips for IT teams to help cyber security in schools this summer. For example, assessing vulnerability impact using tooling against critical assets and systems, profiling threat actors most likely to target the industry, organisational impact assessment, employing incident response and protecting student devices / endpoints from phishing and malware using specific AI-powered software.

Alexandra Forsyth

RETAIL THREAT LANDSCAPE 2024

AFRG dives into the current trends impacting the retail threat landscape 2024.

Retail Resilience: Barclays Retail Economics Report

Cyber and data threats are viewed as the biggest risks by over a third (34%) of UK retailers surveyed, with 70% saying they form part of their top three risks over the next 12 months.

Technology (seamless customer access to products and services), International Trade (environmental policy changes), and Finances (impact to supply chains) are the top three concerns facing UK retailers.

Risks to general retail: cyber/data – regulatory – financial – operational – strategic – environment and social.

Resilience identified through strong leadership, security and operations.

Retailers are already investing in technology, enhancing employee training and development (campaigns and workshops), strengthening supply chains, diversifying product offerings, and improving crisis management processes.

Audience - focus on retail, government, parents, younger generations, influencers and more.

July 22, 2024: Europol Internet Organised Crime Threat Assessment (IOCTA)

AI - The crime-as-a-service market includes the sale of tools, among them malicious large language models (LLMs), on underground forums hosted on the dark web that can help online fraudsters to develop scripts and create phishing emails. A dark web service called ‘Only Fake’ has been reported, selling services including AI-generated fake IDs that can be used to open accounts online with financial services, bypassing ‘Know Your Customer’.

Deepfakes - Enhanced by AI, can provide additional capabilities to threat actors such as mimicking the victim's voice, leveraging social engineering to get a person or target organisation to reveal sensitive information or transfer funds.

Ransomware groups - Continuing to exploit targets across the EU, including small and medium-sized businesses because of their limited resources and lack of cyber security defences. Retail and ecommerce are impacted through digital skimming cyber attacks against online checkout pages, phishing, and business email compromise. One other trend with ransomware groups involves capitalising on the downfall of their competitors to lure capable affiliates to their services. LockBit continued to be among the most prolific Ransomware-as-a-Service (RaaS) groups before its infrastructure was seized in February 2024, damaging its capability and credibility. A non-RaaS group called ‘Cl0p’ made waves in 2023, particularly by carrying out a zero-day campaign against the MOVEit file transfer software in May 2023, and previously against GoAnywhere MFT.

Dark Web - Forums and marketplaces are still the main venues in which threat actors thrive within the cyber crime ecosystem. Unregulated by law enforcement, threat actors can sell and advertise toolkits, credit card data, PII (personally identifiable information), malware, exploits and more to build relationships in their community and gain a network of like-minded groups. RAMP, Russian Market, WWH-CLUB and Genesis have remained popular between 2023 and 2024 (Genesis marketplace, used to sell credentials and bots, was taken down successfully in 2023).

Phishing - Remains the most used attack vector among fraud schemes between 2023 and 2024. SMS-based phishing and QR code scams also emerge as frequently used attack vectors. Online fraud schemes are enhanced through phishing-as-a-service products and services and their ability to steal victims’ data, with cryptocurrency as the payment method of choice for subscriptions, keeping the criminal network alive and thriving.

Digital Skimming - Web skimmers are injected into the target website’s server, introduced by exploiting a vulnerability in an ecommerce platform, or placed into a site by exploiting a third-party resource, resulting in a supply chain attack.

Web3 - Principles adopted in the future could mean a more decentralised Internet, whereby communications are neither controlled nor regulated by governments or private companies, underpinned by blockchain technology and P2P networks consisting of privately owned platforms controlled by users.

Alexandra Forsyth

CYBER SECURITY CAREERS

AFRG founder Alexandra guides you through various career pathways in cyber security. She will also explain how these apply to retail and fashion.

AFRG CLUB provides a deep dive into the top cyber security roles in 2024, and how they apply to retail and fashion.

Introduction - Background:

Cyber Threat Intelligence Analysts (CTI) - AFRG CLUB’s founder is an expert in CTI, with over three years' experience to date. The role of CTI has many layers, including delivering bespoke intelligence services to clients in the cyber security space (consulting and liaising with different teams including threat management, security operations centre, threat hunters and client-specific teams through public speaking engagements and presentations).

Core Skills and Industry Specialisation:

  • Retail

  • Consumer Goods and Services

  • Fashion

  • Hospitality

  • Open-Source Intelligence (OSINT).

  • Social Media Investigations.

  • Business and Brand Protection - Threat Assessments & Industry Analysis (looking into a particular organisation, location/demographics, suppliers, clients and competitors to understand the existing cyber crime threat landscape, and provide mitigations to reduce impact of risk).

  • Digital Risk Assessments (DRA).

  • On-demand investigations.

  • Supply Chain Awareness / Value Chain Creation.

  • Activist Group Monitoring.

  • Darkweb Investigations.

  • Cyber Awareness Advocate and Champion.

Additional Roles in Cyber Security:

Data Administration - Vital to retail and fashion organisations, and within cyber security roles. Expectations include keeping data safe and its integrity maintained, making sure data has not been tampered with, modified or deleted, that it is securely backed up to the right servers, and that only the users who need access at any given time are granted permissions (identity access management (IAM), to avoid too many users accessing sensitive and classified information).

In retail and fashion, it is crucial that customer and employee data is kept out of the hands of cyber criminals. This includes personally identifiable information (such as name, location, physical address and DOB) and financial data (such as credit and debit card data or banking information), which threat actors can use to launch sophisticated phishing campaigns against multiple organisations, suppliers and clients, or to socially engineer their way into an organisation by impersonating an admin employee to enter the internal environment, escalate privileges and gain further data - possibly intellectual property (IP) such as retail and fashion product planning documents, new technologies being used to enhance operations, future strategy documents, and payroll system access.

Red Team - Offensive Security offered to retail and fashion organisations when they want to understand their own internal security posture against outsider threats. The hypothesis of red team exercises involves simulating real-world cyber attacks against an organisation, including either physical or digital intrusion; reporting back whether defences in place by the organisation were penetrated and bypassed. Red teaming is effective because it is the group’s ultimate goal to break down cyber security barriers put up by organisations to help them get better at defending their core business functions and assets as if they were being targeted by a threat actor in real time.

Tactics used in red team exercises include social engineering (phishing and vishing) to get organisations to hand over sensitive data; vulnerability exploitation (legacy or non-patched software systems provide entry points); and physical security testing through tailgating employees to enter office buildings, cloning ID badges or forced entry.

Similar branches of Red Team include:

  • Penetration Testers - Analyse internal and external environments to identify weak spots and vulnerabilities making the organisation more susceptible to cyber attacks.

  • Malware Analysts - Analyse indicators of compromise (IOCs), which often relate to the environments threat actors create for launching cyber attacks or luring unsuspecting targets into handing over sensitive information. For example, registering domains hosted on IP addresses helps threat actors create phishing websites that impersonate real-life retail and fashion companies through brand impersonation (logo, description of products and promotions). These companies can suffer reputational and financial harm when their customers are lured into clicking on URLs or attachments within phishing emails that redirect to these fake websites pretending to be legitimate, potentially entering details onto the website, or even going as far as purchasing items, sending physical and shipping information to the threat actors. It is therefore the role of malware analysts to identify suspicious information from the IOCs. For example, the phishing website could be marked as malicious by security vendors online using open-source tools. Or threat actors could leave behind a trail of malware hashes (additional forms of IOCs) that the malware analyst can match against the retail or fashion company's network environment to see if any connections have been made (e.g., employees accessed the phishing website, or the malware hashes are present).

  • Blue Team - Defensive Security offered in-house by retail and fashion organisations to protect against red teaming exercises. As the red team simulates real-world cyber attacks, blue teaming exercises are responsible for simulating exactly how the organisation would respond. This provides a good indication of gaps in cyber resilience (education, cyber awareness training) and cyber hygiene (vulnerability patching/weak operating systems).
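The IOC matching described for malware analysts above can be sketched as follows. This is an added example, not part of the original article: the log format, device names, function names and every indicator are constructed for illustration (hosts use the reserved `.example` suffix, and the hash is computed from a harmless byte string). It goes slightly beyond the text by also handling indicators shared in defanged form such as `hxxp` and `[.]`.

```python
import hashlib
import re
from urllib.parse import urlsplit


def refang(indicator):
    """Undo common defanging (hxxp, [.], (.), [dot]) used when sharing IOCs."""
    text = indicator.strip().lower()
    text = re.sub(r"^hxxp", "http", text)
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text)


def ioc_domain(indicator):
    """Reduce a domain or URL indicator to a bare hostname."""
    text = refang(indicator)
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare domain as a host
    return (urlsplit(text).hostname or "").rstrip(".")


def host_matches(host, domains):
    """Return the IOC domain that host equals or is a subdomain of, else None."""
    return next((d for d in domains if host == d or host.endswith("." + d)), None)


def hunt(proxy_lines, file_records, raw_domains, raw_hashes):
    """Match domain IOCs against proxy logs and hash IOCs against a file inventory."""
    domains = {ioc_domain(d) for d in raw_domains} - {""}
    hashes = {h.strip().lower() for h in raw_hashes}
    findings = []
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: nothing to match
        timestamp, user, url = fields[:3]
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue
        hit = host_matches(host, domains)
        if hit:
            findings.append(("domain", hit, user, timestamp))
    for device, path, sha256 in file_records:
        if sha256.lower() in hashes:
            findings.append(("hash", sha256.lower(), device, path))
    return findings


# --- Constructed sample data (not real indicators or real logs) ---
SAMPLE_HASH = hashlib.sha256(b"constructed stand-in for a malicious attachment").hexdigest()
IOC_DOMAINS = ["hxxps://brand-outlet-sale[.]example/checkout", "mystery-box-prizes[.]example"]
IOC_HASHES = [SAMPLE_HASH.upper()]  # feeds often publish hashes in upper case

PROXY_LOG = [
    "2024-11-29T09:14:02Z j.smith https://www.brand-outlet-sale.example/checkout?id=1",
    "2024-11-29T09:15:40Z a.jones https://intranet.retailer.example/rota",
    "2024-11-29T10:02:11Z p.khan http://notmystery-box-prizes.example/",
    "2024-11-29T10:05:37Z p.khan http://mystery-box-prizes.example/claim",
    "malformed line",
]
FILE_INVENTORY = [
    ("TILL-07", "C:/Users/Public/invoice.pdf.exe", SAMPLE_HASH),
    ("HQ-LT-112", "C:/Users/a.jones/Downloads/lookbook.pdf",
     hashlib.sha256(b"benign constructed file").hexdigest()),
]

if __name__ == "__main__":
    for finding in hunt(PROXY_LOG, FILE_INVENTORY, IOC_DOMAINS, IOC_HASHES):
        print(finding)
```

Matching on a label boundary is what keeps `notmystery-box-prizes.example` from being reported as a hit on `mystery-box-prizes.example`.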

Cyber Threat Hunters - Have acquired a certain skill set to search, log, monitor and neutralise threats before they can cause serious problems for organisations. Cyber threat hunters mirror similar activities to red teamers, looking for cyber threats and points of exploitation that may be lurking inside an organisation’s defences bypassing endpoint detection. The main end goal for cyber threat hunters is to notify organisations about weak spots and key entry points that could allow a threat actor to obtain sensitive information, gain entry and navigate internal environments.

Similar to red teaming exercises simulating real-world cyber threats against an organisation to help better defend, cyber threat hunters will also assume the organisation is under attack, and threat actors have gained access to internal environments. This hypothesis helps drive hunting teams forward, using observed behaviours and Tactics, Techniques, and Procedures (TTPs) used by threat actors to emulate what might happen. Uncovering patterns in cyber attack methodology, what a threat actor is looking for and potential output can help trigger early warning indications for organisations to step up cyber security practices.

Security Operations Centre Analysts (SOC) & Incident Response - Responsible for enterprise cyber security, including threat prevention, security infrastructure design, incident detection and response. The main aim for SOC and IR teams is to monitor, triage, and investigate alerts containing reports about suspicious activity, escalating concerns where needed. SOC teams are also responsible for implementing cyber hygiene, identifying, applying, and testing patches for vulnerable enterprise systems and software. Alert and ticketing tools employed by organisations can help package reports neatly and deliver to the appropriate teams for investigation, removing backlog.

Alexandra Forsyth

LONDON FASHION WEEK 2024

London Fashion Week 2024 - 07 - 09 June, AFRG exclusive rundown of events and panel discussions.

AFRG CLUB founder Alexandra will be hitting the streets of London between 07 - 09 June 2024, attending events and panel discussions as part of the London Fashion Week 40-year celebration presented by 1664 Blanc.

Key Theme - Ignite cultural moments in London with a focus on menswear, spotlighting London's position as a world leading cultural capital.

Explore AFRG CLUB Photos From London Fashion Week

London Fashion Week Back Story:

How did it all begin?

London Fashion Week was originally organised by the British Fashion Council (BFC) for the London Development Agency with help from the Department for Business, Innovation, and Skills. It has remained a highly prestigious showcase of upcoming designers and long-standing brands, orchestrated by the BFC in collaboration with partners each year.

The first London Fashion Week took place in February 1984, and is considered the youngest of the ‘Big Four’ (a.k.a. London, Paris, Milan and New York City).

The narrative of London Fashion Week has for the most part stayed the same, described as a jam packed extravaganza of talks, presentations, exhibitions, catwalk shows, and endless runways.

What some of you might not know is that the first London Fashion Week took place in the Commonwealth Institute’s car park in Kensington, and through the 90’s played host to London’s club scene, counterculture and forward-thinking designs; with supermodels eventually taking over places such as The Ritz to showcase designs.

Legendary designers in the early days included Mary Quant, Ossie Clark and Barbara Hulanicki’s Biba, Vivienne Westwood’s punk provocations and Alexander McQueen.

Looking Forward:

One element of London Fashion Week that has evolved over time is the presence of ‘street style’, with photographers looking to capture not only the inside of venue spaces, but also what people on the outside deem fashionable.

Likewise, London Fashion Week has become more accessible to the general public, providing opportunities to attend pop-up spaces, and in-store brand days taking place alongside the bigger events, so everyone gets a chance to experience what London has to offer.

London Fashion Week Schedule:

Theme - culture, wellness and craftsmanship.

The three cultures informing the exhibitions at the ICA are: Black culture centred around self-love captured by photographer Stephen Akinyemi; South Asian culture with focus on pattern, textile and craftsmanship captured by photographer Tami Aftab; and queer culture, with a spotlight on young creative voices from the trans+ community captured by photographer Dani D’Ingeo.

Panel speakers will include fashion designers Charles Jeffrey, Charlie Casely-Hayford and Rejina Pyo, as well as model and activist Munroe Bergdorf, model James Corbin and disability campaigner Victoria Jenkins.

London Fashion Week - Day 1:

The British Fashion Council took over the Institute of Contemporary Arts for a curated programme of events, including the ‘cultures’ exhibition featuring three guest curators. The BFC explored Black culture centred around self-love; South Asian culture with focus on pattern, textile and craftsmanship; and queer culture, with a spotlight on young creative voices from the trans community.

London Fashion Week in June is complemented by the “40 for 40” schedule, a line-up of 40 activations hosted by leading British brands and designers across the city, including catwalk shows, presentations and events.

Catwalk, and exhibition:

The Lore of Loverboy - Charles Jeffrey

Exclusive to Somerset House, with a private viewing June 07, open to the public June 08 - 01 September.

The exhibition has been co-curated by Charles Jeffrey LOVERBOY, Jonathan Faiers, Bunny Kinney and Somerset House. The exhibition designer is David Curtis-Ring. 

On display are some of his earliest works inspired by style icons such as Andy Warhol and Vivienne Westwood, and outfits worn by the famous such as Harry Styles, Charli XCX, Tilda Swinton, Faris Badwan of The Horrors and K-pop star Mino.

LOVERBOY, which started in London, is now an international fashion powerhouse almost 10 years later, carried in over 90 stores across the world, and employing a team of ten full-time staff. Drawn to the inherent magic in queerness, Charles and his collaborators add to the brand’s story with each passing season.

“Together they weave the folkloric thread of Scottish history into the rich tapestry of London’s queer nightlife and music scenes”.

London Fashion Week - Day 2:

Panel Discussion:

Diversity in creative industries: Simran Randhawa, Lea Ogunlami & Darkwah.

Vogue Business journalist Maliha Shoaib sat down with brand consultant and creative Simran Randhawa, i-D Magazine host and presenter Lea Ogunlami, and multi-disciplinary artist Darkwah to discuss their journey within the industry and prejudices they have faced.

Key Takeaways:

Diversity - truly being able to connect and engage with everyone. 

Going through a career - means deciding how to navigate how you want people to perceive you, and fully stepping into your identity.

Media, fashion and publicity - questions asked include how is diversity actually being included? Understanding brands and knowing the why. Why do you want to connect with these people and are they the right fit for you/values?

Miscommunication - can happen without actions of diversity. 

Interviewing people from diverse backgrounds - going the extra mile - London Fashion Week for example can be so much more than the clothes.

We all have the power to be able to tell stories.  

What happens behind the camera is just as important as being in front of it - for example we may see a diverse girl walking the runway, but what happens once the cameras stop rolling? Is this person taken care of, including by stylists putting in the effort?

Authenticity - means casting a community and choosing styles that suit their needs / being able to have an opinion. 

‘Strategic thinkers’ - consumers can see through heavy marketing without a clear message.  

The idea that everyone can be an ‘influencer’ through their own niche.

Community - if you have looked for so long and not found what you wanted…it is probably because it is your time to shine, and you will be the first to do the thing you are doing. 

 

Pop-up spaces - Covent Garden MIU MIU Summer Reads:

Luxury brand MIU MIU kicked off its summer season style by turning fashionistas into eager readers, championing Italian women through storytelling. For a limited time MIU MIU is offering consumers the chance to pick up a book and get inspired.

Tucked away in Covent Garden, MIU MIU paraded a campervan filled with books to hand out between June 07 and June 08, underpinned by London Fashion Week.

Texts by women include Alba de Céspedes’ Forbidden Notebook, Sibilla Aleramo’s A Woman and Jane Austen’s Persuasion, with Miu Miu branded popsicles up for grabs as well.

As part of select city locations, MIU MIU will be hitting Milan, Paris, New York, Seoul, Shanghai and Hong Kong, and from June 8 to 9 will stop off in Tokyo.

Display room and designer showcase - The Botree Hotel, Marylebone, London:

AFRG’s last stop on Day 2 included visiting the luxury bridal brand DI PETSA and reviewing its Pre-SS25 WET BRIDES ACT 2 - EROS IN PAIN ahead of the Digital Discovery Lab showcase on June 09. The resort capsule collection featured a number of sheer wet look designs, inspired to fit any body type, oozing fluidity and uniqueness. Altogether, DI PETSA aimed to embody bridal, swim and the first foray into Menswear - with a subtle hint as to what’s coming for the main SS25 collection in September.

DI PETSA takes pride in telling different stories through its designs, capturing the true nature of the body wearing its clothes. The capsule collection featured 20 looks, an all-white bridal wardrobe playing on emotion as a powerful storyteller.

From slinky white long dinner dresses, with drapery and wrap across wet look body elements, to eccentric gold hanging jewellery chains fit for any occasion, DI PETSA takes us on a journey of self-discovery, open to our own interpretation.

London Fashion Week - Day 3:

Digital Discovery Lab Presents -

FLORIAN WOWRETZKO SPRING SUMMER 2025 EROSAO

Genevieve Devine // Desire Paths // June 2024

Nicole Zisman Interview

Clara Pinto ‘Wool Couture’

Clara Pinto Capsule Show In-Person:

The show included a fashion film screening, a textile installation, and a live performance by a Tango orchestra.

For her latest womenswear collection titled ‘Wool Couture’, Clara Pinto presents a short film to depict the analogy of the relationship between the natural materials she works with and nature's diversity.

Alexandra Forsyth

RETAIL AND FASHION HISTORY

Explore retail and fashion’s past, present and future. Can you spot the concepts, technology meaning and cyber security elements?

AFRG will be providing a sneak peek into fashion history. To read the full article - join AFRG NETWORK!

Key terms to consider:

Radical Innovation – this refers to physical elements of fashion and digital technology. For example, AI and ML shifting the landscape for better and worse. Ecommerce, and Mcommerce (a.k.a. Mobile Commerce) buying through digital devices, trying-on clothes in virtual environments, and the ability to shop online, enhanced by the COVID-19 pandemic.

Technology Disruption – cyber security and cyber crime drive changes in technology, leaving the industry more prone to harm and requiring more cyber hygiene and cyber resilience (a.k.a. software updates and patches vs cyber awareness training for customers and employees).

Social media has escalated buying habits on ecommerce and digital communication platforms such as Instagram, TikTok and Facebook – potentially increasing identity theft, account takeover, and scam activities.

Fashion Values and Cultures - the role of fashion as a powerful medium of voices and cultures around the world. As with the ‘Heroin Chic’ of the 90’s, fashion intensifies life and culture in society, offering nostalgia and revitalisation over time, adding new and exciting materials and ideas to clothing.

Origins of fashion refer to stories and exploration of materials, objects, ideas, and values that allow us to reflect on fashion as we know it today. Style can often be interpreted individually, customised depending on clothing chosen within a certain social setting and environment.

Overall, fashion is self-exploratory, and a form of self-expression, woven by style and concepts narrated by people, groups, and society together; with those exceptional beings who dare to unravel its meaning and create designs, from ideas using craftsmanship to style them.

Alexandra Forsyth

CONNECTION BETWEEN RETAIL, FASHION AND CYBER SECURITY

Do you want to understand exactly how retail, fashion and cyber security are linked? AFRG CLUB provides a sneak peek.

Sneak peek into retail and cyber security risks. To access further information join AFRG NETWORK!

Industry Risks:

The Retail and Hospitality ISAC (a.k.a. RH-ISAC) recently reported on the latest cyber threats targeting the industry. Overall, threat actors are employing advanced technologies such as AI, while credential theft, ransomware, and phishing remain the top threats impacting the industry. As part of the RH-ISAC report analysis, personally identifiable information (a.k.a. PII) still remains the most commonly targeted data type. Overall, retail incidents rose from 404 incidents to 725, while confirmed breaches rose from 191 to 369. Threat actors are increasingly using vulnerability exploitation as part of gaining initial access into an organisation’s environment, and opting for generative AI tools to increase fraud.

Fraud Risks

Threat actors can manipulate vulnerabilities in a retail company's payment systems—both in physical stores and online platforms. This could result in compromised transactions or financial data loss, posing threats not only to the company's revenue but also to consumer trust in online and offline purchasing experiences.

Supply Chain Exposures

Cyber attackers leverage vulnerabilities in the extensive and interconnected supply chain of the retail industry, resulting in regulatory penalties, financial setbacks, and damage to brand reputation.

Operational Disruptions Impacting Productivity

The rising concerns with geopolitical issues, increasing global competition, and the convergence of IT, OT, and Cloud environments in labs, manufacturing, & distribution not only escalate risks but also threaten productivity. These factors enable cyber attackers to disrupt operations for economic gain (e.g. ransomware), posing significant threats to overall productivity.

Physical Security & Insider Threat

Attackers might exploit physical security weaknesses in retail stores by using tactics like unauthorised access, theft, or tampering with systems to gain entry to sensitive areas, compromising customer data or valuable assets.

Data Privacy and AI Risks

The risk of data breaches and AI-related vulnerabilities is critical for retailers, as any compromise in safeguarding consumer information not only damages trust but can also lead to legal repercussions affecting customer loyalty and the company's market standing.

Data Breaches

The primary risk facing retailers is data breaches. An unsecured broadband connection can serve as an entry point for cyber criminals to access and steal customer data.

Downtime and Operational Disruptions

Cyber attacks like Distributed Denial of Service (DDoS) can overwhelm a retailer’s network, leading to downtime. For a retail business, even minimal downtime can result in significant sales losses and disrupt customer service.

Phishing and Social Engineering Attacks

Employees in retail can be targeted by phishing schemes, potentially leading to unauthorised access to sensitive systems. Secure broadband can include solutions to filter out harmful traffic and raise flags about suspicious activities.

Alexandra Forsyth

FRAUD TIPS FOR ONLINE SAFETY

Fraud has increased over time in the retail industry, due to expansion of the ecommerce and digital landscape. AFRG explores how consumers can stay aware of the latest trends and be protected from scam activity.

DISCLAIMER

The following research has been appropriately collated and sourced, with references provided throughout, while general opinions are considered ownership of the author.

Introduction:

Fraud has increased over time in the retail industry, due to the expansion of ecommerce platforms and the digital landscape. AFRG explores how consumers can stay aware of the latest trends and be protected from scam activity.

Fashion is said to be experiencing a wave of counterfeit fraud this year, due to demand in clothing and different styles skyrocketing. For example, an estimated 1 in 5 consumers under the age of 35 have purchased a counterfeit fashion item, with global ecommerce sites posing the most threat. These sites include AliExpress and DHGate, dubbed the Amazon of ecommerce, providing platforms for sellers to offer low quality goods containing high-end branding to boost financial gain.

Technology solutions to help combat counterfeiting include AI for building image recognition. Several start-ups are currently dabbling in counterfeit detection to protect trademark branding and reputation, aiming to prevent revenue loss in the long term. Digital product passports (DPPs), said to begin being distributed more commercially this year, will be required for all textile products sold in the EU by 2030, and can enhance product material sourcing, tracking the origin of products (preventing counterfeit goods from being sold) and end-of-life handling.

Paris Olympic Games:

In 2024, prior to peak summer season, ticketing scam activity is already on the rise, with the Paris Olympic Games and worldwide tour of pop sensation Taylor Swift being the two biggest scam examples so far. According to a recent report by UK Finance, specific types of compromise leading to fraud such as purchase and romance scams are paving the way for cyber criminals. An estimated GBP£1.17B was stolen in 2023, with online platforms suffering unprecedented targeting towards vulnerable consumers.

Cyber crime operations of this nature involve brand impersonation and defrauding consumers through ticketing services, and merchandise sold on ecommerce sites. Cyber criminals want to try and steal data from consumers including financial and personally identifiable information, for a range of future abuse such as identity theft, account cloning/takeover, and illegitimate purchasing.

Additional cyber threats during the 2024 Paris Olympic Games include opportunities for threat actors to manipulate network-connected environments and increased digital transactions. Disrupting operations, or trying to steal consumer data through phishing attacks, is possible. Sponsors and partners of the official Olympic organisations will likely be targeted through fake websites portraying access to VIP events, prizes to be won through answering survey questions, copycat merchandise sold on counterfeit websites and requests for account verification through pop-up ads.

It has been suggested that scammers are leveraging the Paris Mairie sending recipients emails with 55,000 free tickets for the Opening Ceremony on July 26, with threat actors sending similar-style emails promoting ‘free tickets’ but requiring a shipping fee as payment. Within the email content, the French National Olympic and Sports Committee will likely be named as collaborators on such a promotional deal, added for legitimacy purposes to lure users into sending the shipping fee by providing personal data and bank details.

It has been reported across industry news that over 300 scam websites selling fake resale tickets for the Paris Olympics were uncovered between March 2023 and June 2024. A total of 140 have been approached online to ‘stop and close’ while 51 have been shut down.

The Paris Olympic partners and top sponsors for 2024 retail include Carrefour, LVMH, Decathlon, Unilever, and Nestle. AFRG CLUB will monitor industry trends and report any further developments deemed useful.


5 TIPS TO STAY BETTER PROTECTED THIS SUMMER:

  1. ONLY use legitimate ticketing sites to purchase orders, avoiding ticket resale on social media platforms such as Facebook and Instagram. Criminals prey on eager people and may target you through dodgy links redirecting to phishing portals. However, one common scam involves a false error message pop up being displayed on a legitimate site, saying there is a problem taking the payment. The victim will then be asked to make the payment a second time, thus charged twice for the tickets. If you're buying tickets and you're told that your payment didn't go through, check your online banking or mobile app first before proceeding with the payment.

  2. Be MINDFUL of information you share online such as images of successfully purchased tickets, and event information. Cyber criminals can use this information to create fake/cloned tickets.

  3. Cyber criminals are CURRENTLY using legitimate tracking/shipping services to add authenticity after scamming customers, who are unaware and assume all is well. The process involves customers making a purchase on a website (normally this is fake and set up to scam users who visit), who are then sent tracking details to monitor when their parcels arrive. However, this is all part of a ploy: cyber criminals use a legitimate parcel service to create tracking information, taking the information users provide at checkout, such as physical address, and adding this to shipping, making it seem authentic. As a result, the customer is unaware they have been scammed, and items purchased will likely never arrive because they do not exist and have been created for the purpose of scamming customers via the fake website. ALWAYS check email contents for any indication of suspicious activity, such as the sender and the tracking URL link (avoid clicking directly; instead hover over it to check it redirects to the same place it claims to). Report to your bank and Action Fraud if you think you have been a victim of scamming.

  4. Cyber criminals are opting for communication platform WhatsApp as a means to distribute phishing links to mass targets. It is RECOMMENDED to ensure MFA and strong passwords across all accounts, and to limit the amount of personal information shared on social media.

  5. Stay AWARE of industry trends concerning retail fraud and scam activity reported in the media, to avoid becoming a victim. You can also get in touch with your bank and/or Action Fraud and report any incidents.

Alexandra Forsyth

‘CYBER-TECH’ MOVEMENT

Fashion can be explored between people and computers, enhanced by technology to grow interactions.

I first heard about the phrase ‘cyber-tech movement’ in the ‘future of fashion’ social news XYZ digital magazine in March 2024. Since then, I have been on a journey to identify examples of this new phenomenon.

The term ‘cyber’ was first coined in the 1940’s as a way to describe communicating between people and hardware. Cyber to industry experts such as myself means digitally enabled and is often associated with types of compromise taking place online causing reputational and financial impacts to businesses, and brands.

It isn’t a secret that technology has enhanced our world, and how we interact with each other daily, providing ease of conversation through smartphones, and quick purchasing power within ecommerce stores. All this together means fashion can be explored between people and computers, enhanced by technology to grow interactions. As technology evolves, so do consumers.

Although ‘cyber’ has been around for almost a decade, ‘cyber security’ came later at the turn of the 1990’s, referring to safeguarding, and implementing protections against thieves in cyberspace. Over the last years, cyber crime has flourished, against the backdrop of rising technology influencing malware creation, generative AI for enhanced phishing, deepfake technology, and big data processes.

For example, the Ducktail malware targeted fashion in November 2023, with threat actors distributing archives containing images of new products by major clothing companies to professionals, embedded with a malicious executable disguised as a PDF file. Once this is opened, its contents are revealed as job information / career change data. However, the attached malware installs a browser extension onto the victim’s machine to identify and steal credentials, later sold on the dark web (a decentralised area of the internet accessible for the purpose of illegal activity).

More recently in February 2024, the first AI deepfake scam was reported to have targeted a finance worker, setting up a fake conference call pretending to be colleagues, even going as far as to impersonate the victim’s chief financial officer, obtaining £25M. Although this was not impacting retail or fashion, various industries use communication platforms such as Teams and Zoom to conduct meetings with colleagues, and therefore this threat could play out in real-world scenarios cross-industry.

Alexandra Forsyth

GEN-ALPHA TRENDS 2024

AFRG explores retail and gen alpha trends for cyber awareness.

HOW DID WE GET HERE?

In a world where Gen Alpha and Gen Z are slowly shifting the retail and technology landscape, it is paramount that we consider how best to teach the next cohort of young individuals about cyber security and cyber safety online.

Considered to be between the ages of 10-14 years old, Generation Alpha have already begun exploring the world of retail and cosmetics, as reviewed by both CosmeticsBusiness in their ‘Sephora Kids Controversy’ campaign, driven by influencers promoting skincare brand ‘Drunk Elephant’ along with Digital Voices detailing ‘The TikTok Effect’, young consumers buying this brand and anti-aging serums on sites such as TikTok and Instagram.

The latest adult cohort, referred to as Generation Z, dominated 2023 by entering the workforce, brand awareness and becoming concrete consumers, emerging from their early to mid-20’s.

It is time we explored Generation Alpha, taking technology in their stride, and how this will impact the industry landscape in terms of cyber security safety, training, and identity (p.s., Generation Beta is just around the corner in 2025, a fully fledged generation born into the world of AI, machine learning, and social media).

TREND ANALYSIS

On average, 66% of those aged between 12-14 years old have been identified as using social media to discover new brands, while 40% are suggested to have used an electronic tablet before the age of 6. Comparing this with Gen Z, they only make up around 39% of individuals using social media for the same purposes, and 39.8% using brand websites and apps to discover and purchase products.

By 2025, Gen Alpha will represent close to 2 billion children worldwide, with this new generation considered to be evolving at a fast pace, exhibiting characteristics including inquisitiveness, assertiveness, free thinking, and a desire to push the boundaries of technology, and knowledge.

With entrepreneurial mindsets, and aspirations to start multiple streams of income outside of the corporate world, Gen Alpha will most likely be their own bosses, a trend set to skyrocket the industry in as little as 4-5 years.

It is safe to assume Gen Alpha will remain heavily digitalised in the future. Over the last years, they have been considered a new breed of tech savvy individuals, thriving from smartphone access, in turn lacking social norms late Gen Z and Millennials are to the present day attuned to (e.g., in-person interaction such as hanging out with your neighbours, and attending classes and lectures).

In terms of using tools to access young children, artificial intelligence (AI), and hosting online sessions currently show benefits, whilst according to a recent survey, the metaverse is deemed ‘useless’, with 71% not knowing what it is.

PAVING THE WAY FOR CYBER SECURITY EDUCATION

Starting early is key to setting up Gen Alpha for the future of retail and cyber security.

Overall, 57% of Gen Alpha spend more than three hours per day on digital devices, increasing their exposure to influencer content and marketing, and 49% trust influencers in the same regard as family and friends.

- Digital training and adoption of cyber security protections through brand campaigns such as ‘how to stay safe when shopping’, including educational video tutorials mimicking what is currently being shown on social media, and businesses putting their own spin on it with cyber safety. For example, a mixture of YouTube, TikTok and Snapchat campaigns, offering top-tips short-form content, with additional long-form videos / vlogs showing security measures, or influencers discussing how to stay protected.

 - Influencer training on the dos and don’ts when shopping online, teaching the basics of cyber security to high-profile social media creators, offering guidance to their large followings which will be favoured towards Gen Alpha and Gen Z. This is also a good opportunity to bridge the gap between cyber security professionals and influencer culture, who already share commonalities in terms of understanding and using technology to enhance job functions.  

 - A framework/lessons learnt will need to be created surrounding safe shopping for the retail industry, including updating mobile devices, watching out for newer technologies such as AI chatbot service being advertised on official app stores, how to spot the signs of phishing in mailboxes (putting protections on child access), and on social media platforms, implementing parental locks, and offering general advice. Digital presentations aimed towards parents, and in-person networking sessions will both be beneficial for this audience.

- Panel discussions inviting young speakers to discuss technology and share their knowledge for relatability / understanding more in terms of tech and how it is currently being used. This could be a collaborative effort with schools, to bridge the gap between cyber security experts such as myself, and tech savvy individuals in need of guidance.

 

- Teaching AI and cyber security fundamentals, how to enter non-personal information into chatbot and generative AI services, holding onto sensitive data. Likewise, keeping on top of the latest industry trends, and governance including the AI Act to monitor devices and protect consumers as part of regulating technology.   

Alexandra Forsyth

BACK-TO-SCHOOL 2023 GUIDE

The back-to-school season starts earlier as parents shop for essentials amidst rising costs. NRF reports record spending on electronics, clothing, and more, reflecting increased digitisation and the need for updated technology to facilitate remote learning and social interactions.

BACK-TO-SCHOOL TRENDS

The back-to-school retail period typically starts and ends in August before schools, colleges and universities reopen between September and October. However, research has shown parents are shopping earlier and stocking up on school-related items such as stationery, clothing, electronics, and sporting equipment.

According to the National Retail Federation (NRF), ‘Retail Holiday and Seasonal Trends’ report, consumers are showing signs of resilience during the cost-of-living crisis, impacting society’s economic outlook. For back-to-school and back-to-college, NRF emphasise record spending, as part of a larger survey of 8,000 consumers and products involving K-12 through to college students. On average there has been a strong increase in electronic items being bought since 2022, linking to digitisation, alongside furnishing, clothing and accessories. 43 percent of shoppers agree they need more of these items, with a third suggesting they are spending more because of price hikes and effects from the pandemic. Coinciding, there has been a general increase in electronic use, such as smartphones, laptops, iPads, and tablets for easier integration with how students learn by means of ‘zoom classrooms’, submitting assignments through learning portals online, and general pressures to have the latest technology when interacting with friends.

Blending in-person and virtual learning through technology has become a back-to-school essential. Laptops, tablets, and digital tools have taken centre stage as students navigate the complexities of modern education. For example, e-books and eLearning within online interactive platforms, have caused rising demand for these “tech-savvy gadgets”.

 

In total, NRF predicts back-to-school trends will reach USD$41.5B (GBP£32B) in 2023, up from USD$36.9B (GBP£29B) in 2022. Discounts and promotions are still prevalent this year, with many consumers shopping around and considering options such as trading down, reselling items, thrifting and only buying essential items. In the UK, leading retailer Marks & Spencer announced its ‘Pre-Loved Back-to-School Uniform Shop’ in June 2023, enabling consumers to donate items including school uniform from any retailer, alongside pieces displaying school badges and logos, later sold in Oxfam stores and on ecommerce marketplace eBay.

Similarly, to help with spending, US-retailer Walmart launched its ‘Classroom Registry Experience’ in July 2023, underpinned by teacher spending reaching a staggering USD$800 (GBP£635) for school supplies. New integrated features within Walmart’s mobile app will assist educators in reducing classroom costs, by planning and sharing item wish lists.  

Additional findings for back-to-school, have been analysed by consulting firm Deloitte, suggesting spending for K-12 students is expected to decrease by 10 percent to USD$597 (GBP£470) per individual, while the overall back-to-school market will subsequently decline. Spending on technology is anticipated to decrease 13 percent and 14 percent for clothing items, with shoppers reportedly cutting costs on electronics and clothing, reinforced by inflation and cost-of-living crisis, opting to save through mass merchants (e.g., Walmart, Wilko, and Target), discount retailers, and dollar-stores.  

One stop shops are proving a popular choice amongst consumers for back-to-school, with a return to in-store browsing due to more inventory being available, enabling consumers to buy groceries and shopping; with Walmart reaching the lowest price points at 60 percent, Amazon following behind at 49 percent and Target receiving 39 percent.

CYBER SECURITY THREATS & ACTIONS

Education has seen a rise in cyber attacks and cyber security threats, due to heavy reliance on IT infrastructure for daily operations – similar to other industries globally. A shift to online learning and remote working during the pandemic, has led children, and young students to attend classes through online platforms such as Zoom and Microsoft Teams, therefore increasing prevalence of access points for threat actors, who seek to steal personally identifiable information (PII) including medical records, email addresses, and payment data.

 

Please consider the following guidance on current threats to the industry.  

Shopping Scams. These can be carried out by creating fake online stores offering discounted school supplies, uniforms, and electronics. After purchase, these items will not be delivered to the buyer, due to being falsely advertised. Threat actors can promote fake stores and products through fraudulent social media ads to entice students and parents into revealing details on their websites at checkout, enabling collection of payment data. Recent scam campaigns observed by security researchers have identified the use of malicious PDF documents labelled ‘back-to-school tips’, sent to victims to lure them into clicking an attached URL link, redirecting to the malicious site. In July 2023, ecommerce platform Amazon was reportedly being targeted by phishing campaigns, through newly registered domains relating to the term ‘Amazon’, taking advantage of its ‘Amazon Prime Day’ sales which many back-to-school shoppers go to for discounts on supplies.

 

Identity Theft and Deepfakes. Scammers are employing various identity theft tactics to exploit students and parents when attempting to gain unauthorised access to school databases and retrieve personal information. For example, creating fake enrolment forms to collect sensitive data, and sending well-crafted phishing emails posing as educational institutions or retailers, to trick victims into sharing login credentials. Deepfake AI technology is also emerging as an enabler for cyber crime activities, used to create convincing voice recordings of school officials and mimic students' or teachers' voices to trick parents into making payments and sharing personal information, taking advantage of the trust and urgency surrounding back-to-school activities.

 

Ransomware and Data Stealing. These are known to cause severe impacts on education. In January 2023, 16 schools including private academies in Yorkshire, Northern England, UK, were affected by ransomware, resulting in threat actors demanding GBP£15M in return for access to systems. Because Internet access was prohibited, lessons had to be planned and carried out via pen and paper teaching, until operations could be resumed. A few months prior, in September 2022, 14 schools across the UK suffered disruptions by a prolific ransomware group, Vice Society. This threat group specialises in stealing data and extorting it for payment to fund future campaigns, having targeted many industries over the years including education, retail, and hospitality. Compromised data included children’s passport scans, special needs requirements and employee payroll data.

 

Actions educational institutions can take against ransomware and data theft include:

 

  1. Update and install the latest patches on vulnerable / outdated software systems,

  2. Employ phishing awareness training and ensure employees know they can use the ‘Report Phishing’ option in Outlook,

  3. Endpoint security solutions such as network segmentation and firewalls,

  4. Backup data using the 3-2-1 rule (a.k.a. two copies stored online, and one copy of data in an offline environment).

 

Artificial Intelligence (AI). AI in education can aid collaboration, helping to form social media posts, while students prepare for public relations, communications and social media manager roles. In schools, parent / teacher conferences can be simplified through showing students’ performance across the academic year, for automation and tracking. AI enables virtual tutoring, and personalised education programmes, and online learning environments to supplement traditional educational content for scalability. Schools, colleges, and universities are becoming early adopters of generative AI tools for teaching and learning. For example, a school district in Iowa, US, is using OpenAI’s natural language learning model ChatGPT to ban books lacking ‘age-appropriate material’, resulting in removal of 19 books from several school library collections. Teachers are also beginning to relay generative AI policies, specifically in universities, and encouraging its use within monitored Facebook groups such as ‘Higher Ed Discussions of Writing and AI’, and ‘Google group AI in Education’.

Some of the challenges to AI involve increased loss of creativity in education, and accessibility to data, GDPR concerns, and services like ChatGPT only being as good as its training data.

How do we minimise AI risks?

Security researchers have posed alternatives to ChatGPT and AI, such as teachers requiring students to submit handwritten homework, meaning students have no choice but to read the material assigned before submitting a report. Teachers can also grade paper submissions no higher than 89 percent (or a “B”), so that to get an “A,” the student would have to stand in front of the class and verbally discuss the material, their research, their conclusion, and answer any questions the teacher or other classmates might ask. Banning the use of ChatGPT altogether in schools, colleges, and universities can be an alternative option, with global trends showing these technologies were restricted on devices and networks. The New York City public school district became one of the first to temporarily ban ChatGPT from its schools’ devices and networks in January 2023; however, this was reversed months later. Several schools and universities in Australia also introduced restrictions on the use of generative AI tools, including initial bans by the public-school systems in all Australian states other than South Australia, although it is likely this will be lifted in 2024.

CURRENT CYBER STRATEGIES & IMPACTS

The UK government has introduced free training resources, published online in August 2023 as students prepare to head back-to-school this September, encouraging cyber skills learning and aspirations among children. Coinciding with this, 50,000 students in the UK have been registered to the ‘Cyber Explorers’ programme since it first launched in 2022, promoting digital literacy, and increasing young students’ safety online by moderating content and addressing disinformation.

Awarding achievements to educational institutions goes a long way in raising awareness about cyber safety practices and hygiene. In August 2023, the University of Kent was recognised by the UK National Cyber Security Centre (NCSC) as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE), receiving a Gold Award for ensuring cyber security remains high on the university’s agenda.

Towards the end of July 2023, the Biden-Harris Administration in the US, published a set of strategic objectives for training and securing the future of cyber talent – unveiling its ‘National Cyber Workforce and Education Strategy (NCWES)’. The most important takeaways involve leveraging a collaborative workforce through developing ecosystems to meet cyber workforce demands, and greater diversity and inclusion. Combating a decline in K-12 school teaching capabilities is also high on the agenda and remains a present challenge for students when accessing education in cyber security-focused subjects. Colleges and universities will be expected to collaborate more with educational agencies and government to innovate programs and increase the number of educators who teach cyber-skills in the future.

The US continues to drive initiatives to combat future labour shortages in the cyber sphere. For example, ‘Cyber.org’ is providing K-12 school education online to empower educators to teach cyber security skills through ‘Project Reach’, targeting Black and minority communities, and ‘Project Access’ for blind and visually impaired students, funded by the Cybersecurity and Infrastructure Security Agency (CISA).

In the UK, CyberFirst Schools & Colleges is an initiative set up by the NCSC and GCHQ, delivered by IN4 Group in the Northwest, to encourage a diverse range of young people in their pursuit of a cyber career. CyberFirst also host bursary schemes to support undergraduates through university, degree apprenticeship opportunities, and girls only competitions.  

Overall, K-12 through to higher education and university institutions must ensure that employees, faculty, visitors attending in-person activities, and students learning on campus and within online environments are well versed in cyber risks and have access to the appropriate resources. Sharing tools, building a community, and remaining curious in the field of cyber is our best chance at keeping protected against the symptoms of modern life – technology has grown more free-spirited over time, and it’s up to us to stay updated.

Alexandra Forsyth

TECHNOLOGY TRENDS IN FASHION 2023

Magazines, both physical and digital, continue to captivate consumers' interest, with a blend of traditional and modern formats catering to diverse tastes.

I want to draw your attention to significant shifts within the fashion industry. The following blog post details the most popular fashion-forward technology trends; while highlighting cyber security risks towards retailers and brands.

(1) MAGAZINE CULTURE

“This isn’t just a magazine, it’s a shiny beacon of hope” — Devil Wears Prada

Over the last years, the physical and digital magazine landscape has shifted in line with consumption and changing consumer attitudes. I decided to explore this shift further, and spoke with representatives from two prominent magazine outlets in London. Charlotte Street News, and magCulture were filled with brands and topics covering different aspects of the society we live in. It became clear from my visit, consumers are still interested in buying hard copies and browsing in-store, whether that be for fashion or graphic design, magazines hold a permanent place in the public eye.

According to Kopnina, H.’s (2007, p.364) research paper titled ‘The World According to Vogue: The Role of Culture(s) in International Fashion Magazines’, magazines can be seen as “cultural objects” that reflect ideas visually and textually. Furthermore, magazines are filled with different narratives curated to highlight cultural trends; in fashion this often alludes to editorial reviews and articles. Over time, magazine culture has evolved to align with more thought-provoking stories, driven by emotion and attuned to fit its readership, rather than simply containing celebrity gossip and throwaway fashion tips. Magazines can be seen as a driving force within the technology space online, promoting influencer culture, brands, home improvements, interior design, retail, DIY, sustainable beauty, and conscious fashion.

The first fashion magazine publication took place in 1867, with Vogue capitalising the fashion space in 1892, aimed at high-end consumers. Fashion since the beginning of time, has been a form of self-expression, a persona for some, and an alternative reality for others to embrace their true authentic selves. For this reason, magazines tend to reach external audiences outside of mainstream media, touching on controversial topics in meaningful ways.

Despite the overall consensus that magazines are important to readers, technological shifts have resulted in hardcopy sales declining, and in November 2022, the prestigious US-based Washington Post announced after 60 years, it would be discontinuing its printed magazine issue.

According to the Press Gazette, the UK’s consumer magazine circulation (how many copies are distributed) declined by 11 percent in 2022, while average global circulation dropped to 24 million across both digital and print copies, down from 26.8 million in 2021.

In today’s society, hardcopies are having to compete with the internet and its digital news subscribers, bloggers and even social media, identified as the medium for news coverage during the COVID-19 pandemic and post-lockdown life, with platforms such as TikTok providing daily news coverage.

Aside from the internet, one other technological trend includes the rise of artificial intelligence (AI) and OpenAI’s ChatGPT natural language model, which has been embodied for automating production industry-wide, such as launching AI-written eBooks on Amazon, by generating blocks of text, from a single prompt, and creating books at rapid speed. By mid-February 2023, there were over 200 ebooks in Amazon’s Kindle store listing ChatGPT as an author or co-author.

(2) LIVE STREAMING

Consumers crave authentic personalities, and therefore choose brands that share similar values, heightened by live streaming capabilities on social media. For example, China’s “mobile oriented” shoppers tend to watch influencers and promoters on Chinese ecommerce site Alibaba and other apps for convenience, with its live streaming market exceeding USD$327 billion (GBP£249 billion) in 2021. An estimated 1 in 5 purchases were made in live streaming during this time, facilitated through creation of influencer villages for 12-hour live streaming sessions daily.

In comparison to the US and UK, which generated USD$20 billion (GBP£15.5 billion) and USD$10 billion (GBP£7.7 billion) respectively for 2022, China is the hub for ecommerce growth. In 2022, China’s revenue reached USD$423 billion (GBP£329 billion), underpinned by 50,000 livestreams attracting 260 million viewers. In the US, predictions show revenue from online live shopping will exceed USD$35 billion (GBP£27.1 billion) by 2024, while as part of investment, Alibaba is set to create 200,000 live streamers and 10,000 streaming accounts across key industries, with each live stream account estimated to generate around 3,000 million users in traffic.

Why Is Live Streaming Impactful?

If we think back to the first trend of ‘Magazine Culture’, it wasn’t long ago that consumers would buy into words printed on pages describing clothes, worn by high-profile individuals, suggesting the latest trends, and designers. Now think of live streaming as an extension of those words and images, shifting physical and digital spaces to build a community of users, and voilà! you have the opportunity to experience real-time fashion tips and tricks online.

To conclude, brands and retailers have an opportunity to leverage and promote their products through social media, and boost human connection on a global scale, breaking geographical barriers. In the fashion industry, live streaming provides a close-up of products, with advertisers describing the clothes they’re wearing through intimate engagement with audiences. In a study conducted by Apparel Resources in April 2023, better brand engagement and consumer reach were identified through shopping platforms Taobao and Tmall. Seamless experiences have also been reported, with shoppers able to add products to carts without having to leave the live stream, only afterwards completing their purchase at checkout.

(3) CONSUMER ACTIVISM

Fashion is a ‘powerhouse’ movement of culture, design, and inspiration. Now mixed with acceleration to ecommerce, fashion is underpinned by ‘consumer activism’ between retailers and consumers; ultimately shifting perceptions on what to wear, and how to purchase.

Consumer activism, according to Muraro, S. et al. (2023, p.2) in the research paper titled ‘Spurring and sustaining online consumer activism: the role of cause support and brand relationship in microlevel action frames’, is motivated by social media, and sustained through actively disagreeing with brands by posting, tweeting, liking, commenting and sharing opinions online. During the COVID-19 pandemic, and post-lockdown life, decentralised platform Telegram was used for connecting like-minded individuals to campaign against retailers virtually, and in some instances staging physical demonstrations to cause disruptions and brand damage.

Political issues have also contributed to an increase in consumer activism, underpinned by boycotts of brands across retail, specifically fashion businesses continuing to trade in Russia during the ongoing war against Ukraine, resulting in many high-end brands removing operations temporarily or selling businesses altogether.

Stop Funding Putin’s War Today! is one example of consumers sharing their viewpoints against Russia, along with the hashtag #BoycottRussia on social media. Nike was one of the brands targeted for not upholding its promise to temporarily close storefronts in Russia; however, it has since retreated.

Data from Sprout Social identified that consumer expectations are shifting, revealing 70 percent of consumers agree it is important to take a public stand against brands regarding social and political issues. Jungle Scout, a leading platform for selling products on Amazon, revealed in its Consumer Trends Report 2021 that, out of 1,100 US consumers, 40 percent purchase products when scrolling through social media, and 58 percent believe a brand’s social activism influences impression and positivity.

Consumer activism can also be carried out in the form of physical disruptions by groups such as Extinction Rebellion (XR), which targeted the fashion industry in 2023 specifically because of its sponsorship with global beverage company Coca Cola. In February, groups gathered at The Strand, London to demand an end to fossil fuel investments, wearing white boiler suits bearing the phrase ‘cut the oil out of coke’ and a large banner displaying ‘Coca Cola, Worlds Top Plastic Polluter.’ Interestingly, although fashion was not the obvious target, involvement became apparent through its partnerships and supply chain vendors. Likewise, XR is notorious for carrying out disruptive campaigns, having gained many affiliated groups globally, often communicating through digital means such as social media.

Additional trends include Gen Z’s cultivation of digital spaces, creating a breeding ground for influencers, paid promotions on Instagram, live streaming content, and brand access. For example, during the Cannes Film Festival in France in May 2023, presenters of Behind the Numbers podcast discussed themes of influence, with ‘influential’ being the first influencer marketing agency to attend such an event, showing driving power of digitalisation.

(4) AUTOMATION

You may recognise ‘Spot,’ from the image above, otherwise known as an automated robot, available to harness across different industries including oil and gas, manufacturing, and research amongst others. Spot was infamously used to remove pieces of clothing from models during the Coperni Fashion Show in March 2023 (full video of the event can be viewed here).

The Parisian brand of wearables, including accessories, has been known to push the boundaries between fashion and technology. Aside from partnering with Boston Dynamics for the first fashion show in which robots helped discard clothing, Coperni’s SS23 show during Paris Fashion Week in October 2022 played host to spray fabrics technology, captured forming a dress-style live on model Bella Hadid through its sustainable partnership with Spanish fashion designer and scientist Manel Torres and his team at London’s Bioscience Innovation Centre, using Torres’ Fabrican (e.g., liquid containing fibres bound together by polymers, biopolymers, and greener solvents, that evaporate once contact is made with a surface).

At the same event, Japanese brand Anrealage, inspired by the work of Jakob von Uexküll, a German biologist and philosopher (1864–1944) who studied how living creatures perceive their environment, showcased mobile light devices, transforming photochromic materials of clothing to ultraviolet rays, informed by pigments reacting to them by changing colour, resulting in white transforming into grey, pink, yellow, purple, or blue, while yellow and red revealed patterns of stripes or polka dots (full video of the event can be viewed here).

(5) AUGMENTED AND VIRTUAL REALITY

Technology giant Apple unveiled the first look of its ‘Apple Vision Pro’ at the annual Worldwide Developers Conference (WWDC), representing mixed reality wearables, combining augmented and virtual reality with the physical world, set for retail release in 2024. Features of the Vision Pro include eye and gesture tracking for navigation and control, 3D photo and video capture, and the visionOS operating system linking to a dedicated App Store designed specifically to run on mobile devices and tablets.

Dubbed by Apple the “spatial computer”, meaning a blend of digital and physical, the headset has capabilities involving using cameras for virtual experiences, shutting them off and making content completely isolated for full-time immersion using ‘passthrough AR’ (avoiding translucent virtual objects and limited field of view).

According to Vogue Business, for fashion, early use cases might indicate the ability to broadcast fashion shows or storytelling moments within compelling environments, with shoppers able to allude to life-sized 3D products, and reimagine personal shopping experiences/product assortment.

One other trend within the augmented reality space includes ‘The Future of Fashion’ company Zero10, with its AR platform providing customers the ability to try on clothes before purchasing. High-end brands such as Coach and Tommy Hilfiger have already used this software, while Zero10 is set to launch the ‘future of retail’ AR-powered concept store in Paris, France. The ‘AR Mirror’ will showcase POS systems for physical retail and immersive experiences.

Social media platform Snapchat is rumoured to include its try-on ‘lenses’ feature for users at festivals later this year, as part of its AR Enterprise Services (ARES) and 3D product viewing, while brands including Coca Cola have incorporated the technology for their AR-enabled vending machines.

(6) WEB3

Research conducted by the Retail Customer Experience has revealed the metaverse can help with retail and inclusivity. Consumers are expected to be offered a versatile range of avatars representing a person’s identity, and improved capabilities for disabled communities, using advanced audio and visual tools to remove physical barriers from shopping experiences. Alongside this, AI-driven translators will break language barriers, and web-standard accessibility tools will help with hearing and visually impaired navigation on ecommerce pages.

On the Beyond Form podcast, representatives discussed Web3 fashion, and its links to non-fungible token (NFT) ownership of products for consumers, building a better community. For example, digital passports (DP) will offer users authority and sovereignty over space and tools in the metaverse.

(The metaverse refers to virtual worlds that enable online social interaction using digital avatars. As this space develops, it is likely that we will begin to see more metaverse environments incorporate web3 technology. The Web3 revolution currently utilises decentralised protocols such as blockchain, to facilitate cryptocurrency transactions, and address data ownership).

Web3 can offer digital loyalty for fashion users and communities, through immersive experiences in the metaverse, for example by revolutionising the apparel sector and how brands, designers, and consumers engage with fashion. In turn, augmented and virtual realities, can provide transformative experiences by merging physical and digital realms. Communities such as ‘Night, Family and Culture’ will therefore serve as creative impulses within the upcoming Fall/Winter 2024/2025 season, aligning themes with fabric and accessory collections.

Fashion brand Lacoste recently announced it will be upgrading its NFTs to enhance brand engagement, turning its Genesis Pass NFTs into a gateway under ‘UNDW3’, allowing users to collect points through ‘The Mission’ initiative, and access dashboards to track progress/gain rewards. Nike has also opted for enhancing shopping experiences, facilitated through its back to school digital ‘Swoosh High’ immersive campaign, and web3-enabled platform.

(7) AI AND SUSTAINABILITY

An emerging technology trend is AI-assisted 3D printing, with US-based fashion company Unspun, and the world’s first 3D weaving production, creating new ways to manufacture and make clothes sustainably. Unspun’s ethos is to reduce global human carbon emissions by 1 percent through intentional manufacturing for the apparel sector; offering on-demand solutions for suppliers globally.

The start-up, known for its custom-fit jeans, has recently won funding worth a staggering $14 million to assist its ‘just-in-time’ production. The process involves a body scan, capturing 30,000 data points to create a design in the fabric and style the customer chooses, with a topographical weaving machine to produce jeans efficiently, while limiting excess inventory and waste when producing clothes.

The topic of sustainability is resonating with consumers at rapid speed, with individuals becoming more fashion conscious and aware of materials being worn on a day-to-day basis. This has been accelerated by the COVID-19 pandemic and post-lockdown life, shifting perceptions on where to shop, and product origin. For consumers, this can be a deciding factor on brand loyalty, and wanting to remain educated on sustainable practices.

Leather for example constitutes high-fashion, worn by communities as a style-forward trend to express power, autonomy, and so forth. However, this material is highly controversial, and lucrative for involving unsustainable practices across supply chains.

The Central Leather Research Institute (CLRI), has carried out studies into enhancing recycling through technology and traceability for the leather industry, shifting to adopting green practices, including reducing usage of water, chemicals, and waste. For example, addressing liquid waste with zero liquid discharge (ZLD), and recycling synthetic tanning material from shaving waste by converting flesh into poultry feed, and collagen to develop biomaterials and hair waste into pharma-grade gelatine.

Over time, alternatives for leather have become apparent in the fashion industry. For example, the ‘FruitLeather’ company based in Rotterdam, Netherlands is known for using discarded mangos collected at local food markets. This is a highly sustainable way to make leather materials, with no cows or livestock used in developing this type of product, saving greenhouse gases and methane emissions.

(8) CYBER SECURITY RISKS

According to the Retail Insight Network, retailers are concerned about keeping up with the ‘pace of change.’ Out of 600 key retail executives analysed globally, 60 percent felt pressured to keep updated with cyber security best practices and supply chain challenges. As mentioned throughout this blog post, retail, underpinned by fashion, is evolving in terms of technological trends, which will require sharper understanding from C-suite and board members in terms of data protection, cyber resilience, and cyber hygiene. For example, identifying an organisation’s crown jewels and assets requires vulnerability management and audit control to preserve data, while thinking about better privacy policies for AI-tool usage to prevent leakage of intellectual property into chatbot services such as ChatGPT.

Threat actors can leverage AI tools to manipulate security algorithms and target the AI data being used to train and report for suspicious behaviours, while creating phishing and malware campaigns to avoid detection (ChatGPT is already being discussed in relation to creating malware for targeted campaigns), resulting in organisations suffering from a lack of data privacy and recovery mechanisms.

Computer generated content, referred to as ‘synthetic media’, can enable emerging technologies including deepfakes, virtual influencers, and extended reality to form life-like environments and personalities for people to relate to. However, researchers have observed the dark side of rising technology trends, such as deepfakes, the creation of fraud marketplaces for selling counterfeit goods, and rising synthetic identities used to bulk purchase inventory online, preventing consumer sales. Threat actors can use deepfake technology to capture brands and people of influence, providing an outlet for scamming activities through manipulating voices and campaigns.

Relating to Web3, NFT-secured virtual selves provide more security than identities in daily life, due to passwords being stolen, biometrics hacked, and passports forged. In turn, NFT-identities can be secured through blockchain, making it difficult to clone and steal them.

However, fashion brands have been at the mercy of NFT battles because of blockchain, and the decentralised nature of digital spaces being leveraged for financial gain. Announced in June 2023, French luxury brand Hermes finally won a permanent injunction for its ‘MetaBirkins NFT lawsuit’, gaining permanent ownership of its NFT collection for copyright violations and a permanent ban on the MetaBirkin NFT. The outcome was against creator Sonny Estival ‘Mason Rothschild’, who carried out the scheme to defraud consumers into believing the bags were Hermes trademark endorsements. Nike also filed a lawsuit for an NFT trademark infringement incident between March and July 2022, against reseller ‘StockX’ over 38 fake purchased Air Jordan 1s trainers, with both incidents showing the lucrative financial offerings being exploited within digital spaces.
