The holiday shopping season is well underway and it’s often one of the busiest for retailers, eCommerce companies, and others who seek to use the holiday as an opportunity to offer discounted prices on their most popular products.
Online shopping this year reached $9.1B on Black Friday and $11.3B on Cyber Monday and Google estimates that, on average, websites can see a traffic increase of 300% during the holiday shopping season.
However, this period can also be an opportune time for hackers who take advantage of unassuming shoppers, retailers and the fervor that comes with the holiday season.
To help you prepare we have put together a roundup of the best resources to check out to stay protected this holiday shopping season.
Hackers know retailers are likely to experience high website traffic and will increase their staff to handle additional shipping, customer service, and fulfillment. Cybersecurity on the other hand, is likely not a priority. This gives malicious actors the perfect opportunity to carry out attacks that can be costly for an unprepared retailer.
Here’s what to look out for (and how to protect yourself):
- Card Not Present Scams and Fake Delivery Scams - Card Not Present scams (CNP) often use leaked or stolen credit card data while fake delivery scams can hit shoppers who are expecting a package. CNP scams can make their way back to retailers — if a victim reports the fraud, the retailer is likely out the cost of the product, the product, and any associated fees.
- Guide on preventing eCommerce Fraud - This guide will provide some key steps, processes, and recommendations for preventing, detecting, and responding against common eCommerce fraud, helping you withstand attacks during the holiday shopping season and beyond.
- System overload - payment controls, traffic, and spoofs - Across online and offline systems (like PoS systems and other devices), retailers are expected to see a huge surge of activity. This is perfect for hackers to infect sites and systems with malware or ransomware. Consumers, on the other hand, frantically trying to find the best deals, may end up on spoofed (impersonated) sites, where hackers can steal valuable data.
- Advanced Attacks include bots and API attacks - Advanced bot-related and DDoS attacks are launched on retailers during the holiday season and they’re increasing in frequency.
- Additional site protection (DDoS, Web Application Attack, Bots, etc) - DDoS attacks can be devastating for any site, especially during a high traffic period. Here’s a guide that will tell you what you can do to protect against some of these automated attacks.
- PoS malware and data breaches - Hackers can attack PoS (point of sale) systems in order to steal credit card data. If left unnoticed, hackers can lurk and steal data for months.
- How to Protect PoS systems - For retailers with an online presence, you’ll want to make sure your PoS systems are protected. Start by updating all your devices, then read this article.
- Website payment skimming - SQL injection and Magecart - SQL injections and Magecart attacks are some of the most devastating — magecart and SQL injections are a class of attacks that hit websites and can lead to data theft, malware, cryptojacking, and more.
- How to defend against Magecart - Magecart is such a well known attack, we’re sharing an entire guide dedicated towards protecting yourself against it.
- Supply chain attacks - Given the recent attacks on supply chains, you should also consider auditing and assessing your current supply chain to minimize the risk of an attack impacting your ability to serve your customers. Make sure you have a contingency plan and keep lines of communication open so you can both act quickly in case something goes wrong.
These threats often rise during the holiday shopping season but can come at any time. Knowing the threat and being prepared can help you even during the off-season where attackers can still launch numerous kinds of attacks.
Protecting your employees during the holiday shopping season
Your employees may also be at risk for various scams and attacks that are on the rise during the holiday season. To make sure they’re aware and know what to look out for, we’ve put together this email template you can send out to your employees.
Email template (cut and paste below!)
The 2022 Holiday Season is in full swing, which means we will start seeing an increase in winter holiday-themed phishing emails. Be on the lookout for these popular holiday scam tactics:
- Fake Shipment Notifications
- In these phishing scams, you may receive an email or SMS scam alerting you to package/shipment alerts and notifications. Links in these emails will direct you to sites that spoof (impersonate) popular retailers and trick you into providing login info.
- Gift Card Scams
- Scammers will send emails pretending to be the company CEO or similar. The email will contain an urgent request that digital gift cards be purchased for customers/clients and that the codes be sent back to the “CEO”, who will immediately deplete the funds.
- Unreal Holiday Deals
- Emails that claim a well-known (or sometimes not so well known) retailer is selling a popular gadget or item for an unbelievably LOW price. These types of emails can be setups for phishing (credential stealing), drive-by malware downloads, or plain-old fraud (buying non-existent items from a scam online retailer).
We know this time of year can be quite hectic and you can’t spend time playing email detective for every message you receive! But there are a few easy things you can do to ensure you don’t fall for these scams:
- Avoid clicking on links, emails or text messages that you were not expecting to receive.
- Read emails carefully. You may be expecting a FedEx delivery, but do the details listed in the email make sense? Are they specific to you or more general in nature? Is the email trying to get you to act quickly or give a sense of urgency? This is a common phishing tactic.
- If a deal seems too good to be true, it probably is.
- If you are unsure about an email, visit sites directly, rather than using links in emails.
SolCyber is always available 24/7/365, so you can always contact us even during the holiday season to help with your cybersecurity needs!