It’s that time of year when many people go all in on holiday decorations, Hallmark Channel movies, pumpkin spice lattes, and shopping for the perfect gifts. The sound of cash registers ringing is music to retailers’ ears. Black Friday 2024 shattered records as U.S. consumers spent $10.8 billion online, a 10.2% increase from last year’s $9.8 billion. Salesforce reported that global spending also reached a new high: $74.4 billion was spent during the 24 hours of Black Friday, up 5% from a year ago.
The holiday season should be a time for joy, not headaches from a cyberattack. In an article for CTO Club, Aaron Shaha, our Chief of Intel and Threat Research, shared top holiday cyber threats and tips for how shoppers and businesses can protect themselves. Here are a few takeaways.
The Surge in Holiday Cyberattacks
While some people were dashing through the snow and into shopping malls, most of us were shopping online. This Black Friday, more than 57.6% of all online sales were made on mobile devices, up from 55.5% in 2023.
Cybercriminals thrive on this since they can send convincing emails disguised as exclusive offers such as “Buy Now, Pay Later” options or delivery updates. These scams aim to trick recipients into clicking malicious links or sharing sensitive information.
The promise of deep discounts and hard-to-find products can lead shoppers to counterfeit websites or fake mobile apps. These sites are often crafted to look like legitimate online stores but are designed to steal payment information or install malware.
Data breaches may seem like old news, but they are a favorite tactic of hackers. Healthcare-related breaches make synthetic identity fraud more effective. With access to names, Social Security numbers, and even medical history, attackers can create identities that are indistinguishable from real ones. They can use this stolen data to open a retail account and make fraudulent purchases, all while hiding behind a synthetic identity to sidestep billing and verification processes.
As a security provider, the holidays can make your job even harder. Many businesses hire temporary workers to handle quick, high-volume sales, and may not provide security training for them. While shoppers are frantically looking for the best deals, they often aren’t as vigilant about where they enter their credit card information. Here are some cybersecurity tips to share with your clients. You can find more in the CTO Club article.
For shoppers
- Verify sources
Before clicking on an email link or ad, verify the sender’s identity and double-check URLs. Look for unusual spelling errors or unfamiliar domains. - Use Multi-Factor Authentication (MFA)
Whenever possible, enable MFA on accounts. This adds an extra layer of security in case your password is compromised. - Ask for table-side payments
When dining out, make sure the server doesn’t take your card out of sight. The safest option is for the payment terminal to be brought to the table. - Consider freezing your credit
A credit freeze can help protect against new accounts being fraudulently opened in your name.
For businesses
- Invest in fraud detection solutions
AI-driven solutions can identify unusual activity in real-time, helping businesses stop cyberattacks before they escalate. - Patch systems regularly
Stores and small businesses should keep systems patched and up-to-date and use professional security services for monitoring. - Educate employees
Train your full-time and seasonal staff to recognize phishing attempts and avoid clicking suspicious links.
Have more cybersecurity tips to share or questions about protecting your partners and their businesses? Contact your Blackpoint security advisor. And sign up for our SOC’ing Stuffers giveaway, where we’ll draw a lucky winner of a $200 Amazon gift card every day. One lucky winner will be chosen for our $1,000 grand prize.