Each year, between November and January, there is a considerable spike in online and in-store purchasing and travel. With this trend, comes yet another spike in both traditional crime and cybercrime. To help keep you safe, this is a friendly reminder that this holiday season, you may see an increase in malvertising and phishing.

• Malvertising: The use of online advertisements to spread malware. These ads can appear legitimate but secretly infect your device when clicked.
• Phishing: An attempt by cybercriminals posing as legitimate institutions or people, usually via email, to obtain sensitive information from targeted individuals.

These types of attacks often enable credential harvesting and deploy infostealers.

• Credential harvesting is a technique where attackers gather and leverage user credentials en masse. These attacks can take on many forms. Attackers may use a phishing attack, sending victims an email with links to bogus websites where users will be fooled into entering their username or password. They can also email users a malicious attachment to launch credential stealer malware they’ve “rented” on the Dark Web.
• Infostealers are just what the name implies. This is often a Trojan that is designed to gather information from a system. The most generic form of information is usernames and passwords, which will be sent to another system either via email or over a network. Other common information stealers, such as keyloggers, are designed to log user keystrokes which may reveal sensitive information – just think about all the information you type day to day!

1. Think before you click. Pay attention to emails you receive. You should know the companies from whom you are buying products/services. Do not click into emails from unknown senders. Hover over any unknown email addresses or links that appear in your emails. If a “mailto” does not match the sender’s name or the company’s domain you are expecting, do not take any action—especially if you are encouraged with words of urgency. If a link doesn’t direct you to a URL beginning with “https” (versus “http”), best just to avoid going there.
2. Keep your browsers clear of your passwords. Do not sync passwords to your browser. Malvertising usually leads to infostealers. This malware can potentially access synced browser data. If they infect one of your devices, they might be able to access your browser’s synced data, including passwords.
3. Keep a clean machine. Especially if you know you are about to settle in for some online shopping, make sure your internet-connected devices are free from malware. Run the most recent version of browsers, software, and other apps. Go ahead and update your devices. Taking some time for maintenance can go a long way!
4. Use secure WiFi. If you need to buy something online while on the go, please use a Virtual Private Network (VPN) or your phone as a HotSpot. Public Wi-Fi is convenient, but not cyber safe.
5. Pay wisely. Consider using a credit card instead of a debit card that is linked to your bank account for your online purchases. Alternatively, use a reliable third-party service like Apple Pay, Google Pay or PayPal, and avoid downloading unfamiliar “payment apps” that may be suggested by a retailer at checkout or an ad online.
6. Avoid public USB ports. Public USB ports may seem convenient for charging your devices on the go, but please refrain. They can be used to infect attached devices.
7. Wait to share. On your social media accounts, refrain from posting about upcoming or current travel or trips. Criminals may be looking for indications their targets are away, and their homes uninhabited. To deter thieves, you might consider having cameras in plain sight (whether functioning or not), watching over the approach to your home and other package delivery areas.

Ransomware gangs may have eclipsed Magecart’s publicity, but these actors are still alive and hacking. If you are not familiar with Magecart, the term Magecart was coined years ago and is linked to the name of the cybercriminal group who first used this technique in attacks against e-commerce websites to steal payment card data. The name Magecart derives from the words “Magento” and “shopping cart.” Several years ago, the Magento CMS was one of the most common targets of the Magecart groups, as it provided checkout and shopping cart functionality for many e-commerce websites. The high holiday shopping frenzy was, as you might imagine, a treasure trove for the group.

As we navigate the busy holiday season, it’s crucial to remain vigilant against the heightened risks of malvertising and phishing attacks. Remember, the key to cybersecurity is proactive prevention. Be cautious with your clicks, vigilant with your emails, and diligent in maintaining your digital hygiene. Ensure your devices are updated, use secure Wi-Fi connections, and opt for safer payment methods. Additionally, be mindful of the ongoing threat from groups like Magecart, notorious for targeting e-commerce platforms during peak shopping periods. By adopting these measures, you can significantly reduce the risk of falling victim to these cyberthreats and enjoy a safer, more secure holiday season.

Written by Julia Srienc, Director, Internal Security Compliance at Blackpoint Cyber

Julia Srienc manages Blackpoint’s internal security compliance program. In this capacity, she is focused on ensuring that compliance and security are integrated into business processes to foster organizational resiliency. With a background in risk management and intelligence, she spent the last five years at Redacted, Inc., designing and implementing security programs for corporate clients and high net worth individuals, while also managing the Mergers & Acquisitions Risk Advisory offering, which supported pre-transaction due diligence efforts. Her passion for cybersecurity and intelligence stems from her previous experiences supporting the U.S. Government’s cyber operations, national security missions, and public private partnerships.