Scams to Watch for This Holiday Season

Do you know what scams to watch for this holiday season?

As December comes to a close, businesses go into overdrive to cater to the shoppers' frenzy. This comes fraught with potential cybersecurity pitfalls: in 2021, almost 75% of North Americans faced at least one type of holiday scam, and businesses, too, faced a significant increase in ransomware attacks. Across 2022 and 2023 these upticks in cybercrime only grew, with industries seeing an increase of anywhere from 30% to 73% (and retail being the hardest hit).

Today, our ethical hackers cover the common holiday scams businesses should watch for... and preventative measures to ensure these scams are not successful. 

Scams to Watch For This Holiday Season

During the holiday season, scammers leverage a host of vectors like social engineering, dubious discount vouchers, and viruses to inflict financial and reputational damage.

  • Business Email Compromise (BEC): Scammers will gather data about small and medium businesses through social media, websites, and email address books. They also mine the personal data of employees through previous breaches. They use this data to construct genuine-looking emails that make employees believe the email is from a colleague, boss, or client. The attractive word choice often lures employees into clicking malicious links. Such attacks are called social engineering scams.

  • Fake mobile apps: Many companies offer extra discounts when customers shop using their mobile apps. Scammers often try to create fake apps to exploit customers. Raising customer awareness of your apps and helping them distinguish between authentic and fake apps can help avert an attack.

  • CEO email scam: Many businesses get company-wide holiday greetings from their CEOs during the holidays. Scammers take advantage of this and disguise phishing emails as messages from CEOs to lure employees into clicking malicious links. Training employees to spot a phishing email is crucial to ensuring they do not fall for these tricks.

  • Credit card testing: Retail businesses experience a surge in activity during the holidays, making it one of the busiest times for this sector. Credit card testing is a scam aimed at eCommerce or retail websites on which customers purchase using credit cards. Scammers often gather card information from the dark web. They test the credit card on an eCommerce website to see if it is active. If the card is active, they exploit it to make large purchases. Retail businesses should monitor suspicious purchases on their site to protect their customers. Besides causing losses to customers, such scams damage a business's reputation.

  • False chargebacks: In the era of easy returns, businesses, especially in retail, face another major scam: false chargebacks. This happens when scammers get hold of your customer's account. They make a purchase and then file false chargebacks. Retail businesses should monitor all orders, especially those with higher-value purchases, to detect fraudulent activities.

The holiday season is an important time for organizations of all sizes, as it brings a surge in customer activity and new opportunities. However, it is also a time of heightened vulnerability to scams.

To protect your business from holiday cybercrime, there are several preventative measures you can take:

  • Prioritize cybersecurity: Do a risk analysis of your company's security health to fix gaps and prepare for new security threats. Ensure that all security measures are in place before the holiday season.

  • Educate your staff: Ensure all employees know what constitutes a phishing or malicious email. Train them to spot potential scams and to report any suspicious activity. Regular security training can help prevent a cyber attack during the holiday season.

  • Enable MFA: Multi-factor authentication is a great way to ensure customers are who they say they are. It can also be used to verify purchases and protect against data breaches.

  • Monitor for suspicious activity: Monitor all orders and activities on your site or app, especially during the holiday season. If any suspicious activity is detected, take the necessary measures to shut it down immediately.

  • Secure domain: Secure your organization's domain so scammers cannot easily spoof your websites.

  • Create a contingency plan: Have a contingency plan and ensure that your employees are aware of it and know what to do in case of any security incidents.
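
To make the credit card testing and order-monitoring points above concrete, here is an added example (not Packetlabs' code) that flags a source address trying many distinct cards with mostly declined authorizations inside a short window. The event fields, thresholds and sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MIN_CARDS = 5                    # assumed: distinct cards from one source
MIN_DECLINE_RATIO = 0.6          # assumed: share of declined attempts

def find_card_testing(events):
    """Return {source: first_alert_time} for sources whose recent attempts
    span many distinct cards with mostly declined authorizations."""
    recent = defaultdict(deque)  # source -> attempts still inside the window
    alerts = {}
    for ts, source, card, amount, outcome in sorted(events):
        q = recent[source]
        q.append((ts, card, outcome))
        while ts - q[0][0] > WINDOW:       # expire attempts older than WINDOW
            q.popleft()
        cards = {c for _, c, _ in q}
        declined = sum(1 for _, _, o in q if o == "declined")
        if (source not in alerts
                and len(cards) >= MIN_CARDS
                and declined / len(q) >= MIN_DECLINE_RATIO):
            alerts[source] = ts
    return alerts

def _t(minute, second=0):
    return datetime(2024, 12, 20, 14, minute, second)

# Constructed sample data: (time, source IP, card token, amount, outcome).
SAMPLE_EVENTS = [
    # Five different cards, small amounts, mostly declined: testing pattern.
    (_t(0), "203.0.113.7", "tok_a1", 1.00, "declined"),
    (_t(0, 20), "203.0.113.7", "tok_b2", 1.00, "declined"),
    (_t(0, 40), "203.0.113.7", "tok_c3", 1.00, "approved"),
    (_t(1), "203.0.113.7", "tok_d4", 1.00, "declined"),
    (_t(1, 20), "203.0.113.7", "tok_e5", 1.00, "declined"),
    # Ordinary shopper: one card, one retry after a decline.
    (_t(2), "198.51.100.23", "tok_z9", 84.50, "declined"),
    (_t(3), "198.51.100.23", "tok_z9", 84.50, "approved"),
    # Busy shared address (for example an office NAT): many cards, all approved.
    *[(_t(5 + i), "192.0.2.50", f"tok_n{i}", 40.0 + i, "approved")
      for i in range(6)],
]

if __name__ == "__main__":
    for source, when in find_card_testing(SAMPLE_EVENTS).items():
        print(f"possible card testing from {source} at {when:%H:%M:%S}")
```

Requiring both many distinct cards and a high decline ratio keeps a busy shared address or a customer retrying one card from raising an alert.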

By taking these preventative measures, businesses can protect their customers from holiday scams and avoid any potential losses or financial damages. Monitoring for suspicious activities and training staff about security protocols can help avert a cyber-attack during the holidays.

Conclusion

Holiday scammers are looking for more than just individual shoppers. They prey on businesses, too. With remote work and the growth of BYOD models, the risk of a scam affecting enterprises is even higher. As the world prepares for the upcoming holidays, scammers are ready to breach your organization's security. 

At Packetlabs, we help companies strengthen their security posture by identifying vulnerabilities within their infrastructure and providing a detailed attack narrative to help evaluate the impacts of each finding.

Interested in learning more? Contact us for a free, no-obligation quote today.
