Insights Roundup: What cyberthreats to look out for this holiday shopping season

The holiday shopping season is well underway and it’s often one of the busiest for retailers, eCommerce companies, and others who seek to use the holiday as an opportunity to offer discounted prices on their most popular products.

Online shopping reached $8.9B on Black Friday and $10.7B on Cyber Monday and Google estimates that, on average, websites can see a traffic increase of 300% during the holiday shopping season.

However, this period can also be a holiday for hackers who take advantage of unassuming retailers and the fervor that comes with the holiday season. To help you prepare, we put together a roundup of the best resources to check out to stay protected this holiday shopping season.

eCommerce threats and how to protect yourself

Hackers know retailers are likely to experience high website traffic and are likely to increase their staff to handle additional shipping, customer service, and fulfillment. Cybersecurity on the other hand, is likely not a priority. This gives malicious actors the perfect opportunity to carry out attacks that can be costly for an unprepared retailer.

Here’s what to look out for (we’ve provided links to a bunch of helpful resources below):

• Card Not Present scams and fake delivery scams – Card Not Present scams (CNP) often use leaked or stolen credit card data while fake delivery scams can hit shoppers who are expecting a package. CNP scams can make their way back to retailers — if a victim reports the fraud, the retailer is likely out the cost of the product, the product, and any associated fees.
• Guide on preventing eCommerce fraud – This guide will provide some key steps, processes, and recommendations for preventing, detecting, and responding against common eCommerce fraud, helping you withstand attacks during the holiday shopping season and beyond.
• System overload – payment controls, traffic, and spoofs – Across online and offline systems (like PoS systems and other devices), retailers are expected to see a huge surge of activity. This is perfect for hackers to infect sites and systems with malware or ransomware. Consumers, on the other hand, frantically trying to find the best deals, may end up on spoofed (impersonated) sites, where hackers can steal valuable data.
• Advanced attacks include bots and API attacks – Advanced bot-related and DDoS attacks are launched on retailers during the holiday season and they’re increasing in frequency.
• Additional site protection (DDoS, Web Application Attack, Bots, etc) – DDoS attacks can be devastating for any site, especially during a high traffic period. Here’s a guide that will tell you what you can do to protect against some of these automated attacks.
• PoS malware and data breaches – Hackers can attack PoS (point of sale) systems in order to steal credit card data. If left unnoticed, hackers can lurk and steal data for months.
• How to protect PoS systems – For retailers with an online presence, you’ll want to make sure your PoS systems are protected. Start by updating all your devices, then read this article.
• Website payment skimming – SQL injections and Magecart – SQL injections and Magecart attacks are some of the most devastating — Magecart and SQL injections are a class of attacks that hit websites and can lead to data theft, malware, cryptojacking, and more.
• How to defend against Magecart – Magecart is such a well known attack, we’re sharing an entire guide dedicated towards protecting yourself against it.

These threats often rise during the holiday shopping season but can come at any time. Knowing the threat and being prepared can help you even during the off-season where attackers can still launch numerous kinds of attacks.

Your employees may also be at risk from various scams and attacks that are on the rise during the holiday season. To make sure they’re aware and know what to look out for, we put together this email template you can send out to your employees.

Email template – Just Copy & Paste!

If you have any questions about how to ensure your business can stay cyber resilient all-year-round, drop us a line!