Scams to Watch for This Holiday Season

Do you know what scams to watch for this holiday season?

As December comes to a close, businesses go into overdrive to cater to the shopping frenzy. That surge comes with cybersecurity pitfalls: in 2021, almost 75% of North Americans faced at least one type of holiday scam, and businesses faced a significant increase in ransomware attacks. Across 2022 and 2023 these upticks in cybercrime only grew, with industries seeing increases of anywhere from 30% to 73% (retail being the hardest hit).

Today, our ethical hackers cover the common holiday scams businesses should watch for, and the preventative measures that keep these scams from succeeding.

Scams to Watch For This Holiday Season

During the holiday season, scammers leverage a host of vectors, such as social engineering, dubious discount vouchers, and viruses, to inflict financial and reputational damage.

  • Business Email Compromise (BEC): Scammers gather data about small and medium businesses through social media, websites, and email address books. They also mine employees' personal data from previous breaches. They use this data to construct genuine-looking emails that make employees believe the message is from a colleague, boss, or client. The persuasive wording often lures recipients into clicking malicious links. Such attacks are called social engineering scams.

  • Fake mobile apps: Many companies offer extra discounts when customers shop using their mobile apps. Scammers often create fake apps to exploit those customers. Raising customer awareness of your apps and helping customers distinguish authentic apps from fake ones can help avert an attack.

  • CEO email scam: Many businesses send company-wide holiday greetings from their CEOs. Scammers take advantage of this and disguise phishing emails as messages from the CEO to lure employees into clicking malicious links. Training employees to spot a phishing email is crucial to ensuring they do not fall for these tricks.

  • Credit card testing: Retail businesses experience a surge in activity during the holidays, making this one of the busiest times for the sector. Credit card testing is a scam aimed at eCommerce or retail websites on which customers pay by credit card. Scammers often gather card information from the dark web. They test a card on an eCommerce website to see if it is active. If the card is active, they exploit it to make large purchases. Retail businesses should monitor suspicious purchases on their site to protect their customers. Besides causing losses to customers, such scams damage a business's reputation.

  • False chargebacks: In the era of easy returns, businesses, especially in retail, face another major scam: false chargebacks. This happens when scammers get hold of a customer's account. They make a purchase and then file false chargebacks. Retail businesses should monitor all orders, especially higher-value purchases, to detect fraudulent activity.

The holiday season is an important time for organizations of all sizes, as it brings a surge in customer activity and new opportunities. However, it is also a time of heightened vulnerability to scams.

To protect your business from holiday cybercrime, there are several preventative measures you can take:

  • Prioritize cybersecurity: Do a risk analysis of your company's security health to fix gaps and prepare for new security threats. Ensure that all security measures are in place before the holiday season.

  • Educate your staff: Ensure all employees know what constitutes a phishing or malicious email. Train them to spot potential scams and know how to report any suspicious activity. Regular security training can help prevent a cyber attack during the holiday season.

  • Enable MFA: Multi-factor authentication is a great way to ensure customers are who they say they are. It can also be used to verify purchases and protect against data breaches.

  • Monitor for suspicious activity: Monitor all orders and activities on your site or app, especially during the holiday season. If any suspicious activity is detected, take necessary measures to shut it down immediately.

  • Secure domain: Secure the organization's domain so scammers cannot easily spoof your websites.

  • Create a contingency plan: Have a contingency plan and ensure that your employees are aware of it and know what to do in case of any security incidents.
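
One way to implement the order monitoring described under "Credit card testing" and "Monitor for suspicious activity", as an added example that is not Packetlabs' own code: it flags a source that tries many distinct cards with mostly declined results in a short window, then lists high-value orders placed on cards that passed such a test. The record layout, thresholds, and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample checkout attempts (not real data):
# (timestamp, source IP, card token, amount, outcome)
ATTEMPTS = [
    ("2023-12-20T10:00:05", "203.0.113.7", "tok_c1", 1.00, "declined"),
    ("2023-12-20T10:00:41", "203.0.113.7", "tok_c2", 1.00, "declined"),
    ("2023-12-20T10:01:10", "203.0.113.7", "tok_c3", 1.00, "approved"),
    ("2023-12-20T10:01:52", "203.0.113.7", "tok_c4", 1.00, "declined"),
    ("2023-12-20T10:02:30", "203.0.113.7", "tok_c5", 1.00, "declined"),
    ("2023-12-20T10:05:00", "192.0.2.44", "tok_c9", 54.20, "declined"),
    ("2023-12-20T10:06:10", "192.0.2.44", "tok_c9", 54.20, "approved"),
    ("2023-12-20T11:30:00", "198.51.100.9", "tok_c3", 1899.00, "approved"),
    ("2023-12-20T12:00:00", "192.0.2.80", "tok_c10", 120.00, "approved"),
]

def parse(attempts):
    """Return the attempts sorted by time, with parsed timestamps."""
    return sorted((datetime.fromisoformat(ts), src, card, amt, out)
                  for ts, src, card, amt, out in attempts)

def find_card_testing(attempts, window=timedelta(minutes=10),
                      min_cards=4, min_decline_rate=0.5):
    """Flag sources that try many distinct cards, mostly declined, in one window.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    by_source = defaultdict(list)
    for row in parse(attempts):
        by_source[row[1]].append(row)
    flagged = {}
    for src, rows in by_source.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            burst = rows[start:end + 1]
            cards = {r[2] for r in burst}
            declined = sum(r[4] == "declined" for r in burst)
            if len(cards) >= min_cards and declined / len(burst) >= min_decline_rate:
                live = {r[2] for r in burst if r[4] == "approved"}
                flagged[src] = {"cards": len(cards), "live_cards": live}
    return flagged

def large_follow_ups(attempts, flagged, threshold=500.00):
    """High-value approved orders on cards that passed a flagged test."""
    live = set().union(*(f["live_cards"] for f in flagged.values()))
    return [(card, amt) for _, _src, card, amt, out in parse(attempts)
            if card in live and out == "approved" and amt >= threshold]
```

A customer who retries one declined card, like 192.0.2.44 in the sample, is not flagged, because the rule requires several distinct cards from the same source.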

By taking these preventative measures, businesses can protect their customers from holiday scams and avoid any potential losses or financial damages. Monitoring for suspicious activities and training staff about security protocols can help avert a cyber-attack during the holidays.

Conclusion

Holiday scammers are looking for more than just individual shoppers. They prey on businesses, too. With remote work and the growth of BYOD models, the risk of a scam affecting enterprises is even higher. As the world prepares for the upcoming holidays, scammers are ready to breach your organization's security. 

At Packetlabs, we help companies strengthen their security posture by identifying vulnerabilities within their infrastructure and providing a detailed attack narrative to help evaluate the impact of each finding.

Interested in learning more? Contact us for a free, no-obligation quote today.