You’ve survived Black Friday AND Cyber Monday without a single cybersecurity snafu. You’re in the clear, right?
Sadly, hackers are just getting started with scams targeting holiday shoppers. Cyber Monday acts as the unofficial kickoff day to the hacking season, during which people share their payment information online more than any other time of the year.
Here’s what to watch out for and some tips to avoid scams this holiday season.
Increase in Cyber Attacks
According to Carbon Black’s 2018 threat report, there was a 57.5% increase in attempted cyber attacks during the 2017 holiday shopping season — double that of 2016. There’s no reason the number shouldn’t increase this year.
Here’s what Tom Kellermann, Chief Cyber Security Officer at Carbon Black, has to say:
"Based on existing precedent, we expect the same trend to continue, if not increase, during the 2018 holiday shopping season. During the holiday season, there is often a ton of noise in the online world and attackers do everything they can to take advantage of that. This applies not only to consumers who shop online, but also to businesses as well, many of which are understaffed and, in the case of retailers, approaching the busiest time of the year."
While you might expect the largest spike in scams to fall between Black Friday and Cyber Monday, the report indicates that it actually comes between Christmas and New Year’s, when consumers are looking for post-holiday shopping deals.
Types of Attacks
Carbon Black reports that the majority of holiday-related cyberattacks were the result of spear-phishing campaigns designed to deliver malware. These attacks largely target employees at retail outlets with the goal of gaining access to their stores of customer purchasing information.
Past attacks have taken advantage of companies that give in to the temptation to turn off some of their security tools to avoid slowing down business and to ease the workload of employees over the holidays. The report also indicates that remote employees will likely receive spear-phishing emails that promise low airfare and deals on gift cards — all of which will allow a hacker to access your company's network if an employee falls for the fake email.
How to Avoid
All of this means that now is a good time to reiterate cybersecurity best practices with your employees. At least one retailer falls for a phishing scam each year. How do you keep that business from being yours?
Carbon Black lays out some helpful tips that you can share with employees:
- Evaluate the email's basic hygiene. Look out for poor grammar, misspelled words and unorthodox URLs. These basic things often point towards a message being malicious — especially if the email claims to come from an organization or someone you trust.
- Determine the email's motivation. Requests for personal or financial information should be viewed with extreme caution, especially in emails claiming to be from businesses. Attackers often attempt to mimic a company CEO and use spoofed emails to make requests for financial transfers. Users can avoid falling victim to this CEO fraud by phoning or speaking to the person listed as the requestor to confirm whether it’s a real request.
- Attachments are like landmines. Users should be wary of downloading unexpected or unsolicited attachments, as they could be a means of delivering malware. If in doubt about the attachment, contact the sender via another means, like a phone call, to confirm the attachment, or start a separate email chain. Don’t reply to the email in question.
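The first two tips can also be checked mechanically at a mail gateway or in a triage script. The following is an added example, not code from Carbon Black's report or from this post; the function name, flag names, executive list and every `.test` domain are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Simplified anchor matcher: double-quoted href only, no nested tags.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _host(value):
    return re.sub(r"^www\.", "", value.lower())

def triage(raw, org_domain, executives):
    """Return warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    flags = []
    # CEO fraud: a trusted name on an address outside the organisation.
    if name.lower() in executives and _domain(addr) != org_domain:
        flags.append("executive-name-external-address")
    # Replies routed to a different domain than the visible sender's.
    reply = parseaddr(str(msg["Reply-To"] or ""))[1]
    if reply and _domain(reply) != _domain(addr):
        flags.append("reply-to-domain-mismatch")
    # Unorthodox URLs: link text names one host, href points at another.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, text in ANCHOR.findall(part.get_content()):
            shown = HOSTLIKE.search(text)
            target = _host(urlparse(href).hostname or "")
            if shown and _host(shown.group(0)) != target:
                flags.append("link-text-mismatch:" + target)
    return flags

# Constructed sample; every name and domain below is made up.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: payments@other-domain.test
Content-Type: text/html; charset="utf-8"

<p>Confirm at <a href="http://login.unrelated-host.test/x">www.example.test</a></p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "example.test", {"jane doe"}))
```

A flagged message still needs the out-of-band confirmation described in the tips; an empty result does not mean the message is safe.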
As long as you know your employees are double-checking every email they get, you can rest easy knowing that your network should be safe and focus your efforts on the busy holiday season.
Written by Nik Vargas