As another holiday season dawns upon us, businesses are going into overdrive to cater to the shoppers' frenzy. While handling the customer rush, companies must also take precautions against holiday scams. In 2021, almost 75% of Americans faced at least one type of holiday scam. Businesses, too, face an increase in ransomware attacks. Attacks on companies can have wide-ranging impacts, from loss of revenue and reputational damage to regulatory interventions.
This article covers common holiday scams businesses should watch for and preventative measures to ensure these scams are not successful.
Common holiday scams
During the holiday season, scammers leverage a host of vectors like social engineering, dubious discount vouchers, and viruses to inflict financial and reputational damage.
Business Email Compromise (BEC): Scammers will gather data about small and medium businesses through social media, websites, and email address books. They also mine the personal data of employees through previous breaches. They use this data to construct genuine-looking emails that make employees believe the email is from a colleague, boss, or a client. The attractive word choice often lures them into clicking malicious links. Such attacks are called social engineering scams.
Fake mobile apps: Many companies offer extra discounts when customers shop using their mobile apps. Scammers often try to create fake apps to exploit customers. Raising customer awareness of your apps and helping them distinguish between authentic and fake apps can help avert an attack.
CEO email scam: Many businesses get company-wide holiday greetings from their CEOs during the holidays. Scammers take advantage of this and disguise phishing emails as messages from CEOs to lure employees into clicking malicious links. Training employees to spot a phishing email is crucial to ensuring they do not fall for these tricks.
Credit card testing: Retail businesses experience a surge in activity during the holidays, making this one of the busiest times of the year for the sector. Credit card testing is a scam aimed at eCommerce or retail websites on which customers purchase using credit cards. Scammers often gather this information from the dark web. They test the credit card on an eCommerce website to see if it is active. If the card is active, they exploit it to make large purchases. Retail businesses should monitor suspicious purchases on their site to protect their customers. Besides causing losses to customers, such scams damage a business's reputation.
False chargebacks: In the era of easy returns, businesses, especially in retail, face another major scam: false chargebacks. This happens when scammers get a hold of your customer's account. They make a purchase and then file false chargebacks. Retail businesses should monitor all orders, especially those with higher-value purchases, to detect fraudulent activities.
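The monitoring recommended for credit card testing above can be sketched as a detection pass over payment-attempt logs. This is an added example, not Packetlabs code: the log layout, thresholds, IP addresses, and card tokens are all constructed assumptions. It flags a source that tries many distinct cards with a high decline rate in a short window, then watches for a later large order on any card that was approved during that burst.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All thresholds below are assumptions to tune against your own traffic.
WINDOW = timedelta(minutes=10)   # look-back window per source
MIN_CARDS = 4                    # distinct cards from one source
MIN_DECLINE_RATIO = 0.5          # share of declined attempts in the window
LARGE_ORDER = 500.00             # what counts as a "large purchase"

# Constructed sample: timestamp, source IP, card token, amount, result.
# Card tokens stand in for card numbers, which should never be logged.
SAMPLE_LOG = """\
2023-12-01T10:00:05 203.0.113.7 tok_a1 1.00 declined
2023-12-01T10:00:19 203.0.113.7 tok_b2 1.00 declined
2023-12-01T10:00:41 203.0.113.7 tok_c3 1.00 approved
2023-12-01T10:01:02 203.0.113.7 tok_d4 1.00 declined
2023-12-01T10:03:30 198.51.100.20 tok_z9 42.50 approved
2023-12-01T10:20:00 192.0.2.44 tok_c3 899.99 approved
2023-12-01T11:00:00 198.51.100.20 tok_z9 38.00 approved
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, card, amount, result = line.split()
        yield datetime.fromisoformat(ts), ip, card, float(amount), result

def detect(log):
    """Return (testing_sources, exposed_cards, follow_on_orders)."""
    recent = defaultdict(deque)      # ip -> attempts still inside WINDOW
    sources, exposed, follow_on = set(), set(), []
    for ts, ip, card, amount, result in parse(log):
        # A large approved order on a card seen approved during a testing burst.
        if card in exposed and result == "approved" and amount >= LARGE_ORDER:
            follow_on.append((ts.isoformat(), card, amount))
        q = recent[ip]
        q.append((ts, card, result))
        while ts - q[0][0] > WINDOW:  # drop attempts older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, r in q if r == "declined")
        if len(cards) >= MIN_CARDS and declines / len(q) >= MIN_DECLINE_RATIO:
            sources.add(ip)
            # Cards approved in the burst are now known to be active.
            exposed.update(c for _, c, r in q if r == "approved")
    return sources, exposed, follow_on

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The regular shopper at 198.51.100.20 is not flagged, while the large order on `tok_c3` is reported even though it arrives from a different address than the testing burst.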
Preventative measures against holiday scams
The holiday season is an important time for businesses, as it brings a surge in customer activity and new opportunities. However, it is also a time of heightened vulnerability to scams. To protect your business from holiday scams, there are several preventative measures you can take:
Prioritize cyber security: Do a risk analysis of your company's security health to fix gaps and prepare for new security threats. Ensure that all security measures are in place before the holiday season. Penetration testing is a great way to ensure all vulnerabilities are identified beforehand and can be addressed.
Educate your staff: Ensure all employees know what constitutes a phishing or malicious email. Train them to spot potential scams and know how to report any suspicious activity. Regular security training can help prevent a cyber attack during the holiday season.
Enable MFA: Multi-factor authentication is a great way to ensure customers are who they say they are. It can also be used to verify purchases and protect against data breaches.
Monitor for suspicious activity: Monitor all orders and activities on your site or app, especially during the holiday season. If any suspicious activity is detected, take necessary measures to shut it down immediately.
Secure domain: Secure the organization's domain so scammers cannot easily spoof your websites.
Create a contingency plan: Have a contingency plan and ensure that your employees are aware of it and know what to do in case of any security incidents.
By taking these preventative measures, businesses can protect their customers from holiday scams and avoid any potential losses or financial damages. Monitoring for suspicious activities and training staff about security protocols can help avert a cyber-attack during the holidays.
Holiday scammers are not just looking for individual shoppers. They prey on businesses, too. With remote work and the growth of BYOD models, the risk of a scam affecting enterprises is even higher. As the world prepares for the upcoming holidays, scammers are ready to breach your organization's security.
At Packetlabs, we help companies strengthen their security posture by identifying vulnerabilities within their infrastructure and providing a detailed attack narrative to help evaluate the impacts of each finding. Interested in learning more? Contact us for a free, no-obligation quote today!