Holiday Season Cyber Threats

By CyberProof Research Team

November 25, 2021

Black Friday is one of the most active times of the year for online consumers, which means that it is also a particularly lucrative season for cyber criminals. Just as in previous years, these cyber criminals are preparing themselves for the occasion by planning several different ways to target online shoppers and e-commerce websites for a profit.

The following are some of the main cyber security threats that online businesses and their customers will be facing during this coming weekend.

Phishing and Scams

Phishing and scams are among the biggest threats to shoppers throughout the holiday season. Threat actors create fake websites impersonating legitimate online retailers in order to steal users’ credentials and credit card information, or to infect their machines with different types of info-stealing malware.

These types of attacks usually begin with a spam email and text message that uses identifiers and lookalike domains similar to those that belong to the original stores. This tricks users into accessing these fake websites.

Security researchers emphasize that the total number of financial phishing attempts associated with e-payment systems and online retailers more than doubled from September to October 2021. According to the research, Amazon has been the most popular lure in financial phishing attacks since the beginning of 2021, followed by eBay, Alibaba, and Mercado Libre.
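A mail or web gateway can screen links for the lookalike domains described above. The following is an added example, not code from the original article: the brand list comes from the research cited here, while the registrable domains, the digit-swap map, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Brands the article names as top phishing lures. The domains are assumptions;
# a production allowlist also needs each brand's regional domains.
BRANDS = {"amazon": "amazon.com", "ebay": "ebay.com",
          "alibaba": "alibaba.com", "mercadolibre": "mercadolibre.com"}

# Constructed map of common digit-for-letter swaps.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, brand) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for brand, legit in BRANDS.items():
        if host == legit or host.endswith("." + legit):
            return ("legitimate", brand)
    for label in host.split("."):
        if label.startswith("xn--") or not label.isascii():
            return ("review-idn", None)  # possible homoglyph domain
        norm = label.translate(SWAPS)
        for brand in BRANDS:
            # Brand name embedded in a label outside the brand's own domain.
            if brand in norm:
                return ("lookalike", brand)
            # One typo away from the brand in any hyphen-separated token.
            if any(edit_distance(tok, brand) <= 1 for tok in norm.split("-")):
                return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are placeholders.
    for u in ("https://www.amazon.com/gp/cart",
              "http://amaz0n-deals.example/login",
              "https://amazon.com.account-verify.example/"):
        print(classify(u), u)
```

Short brand names such as "ebay" will produce false positives at an edit distance of 1, so treat a "lookalike" verdict as a reason to review the link rather than as proof of phishing.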

Amazon phishing email

Other notable lures observed in recent phishing scams include fake charity donations, free or extremely cheap gift cards, fake notifications from shipping companies and top couriers, gaming console fraud, and fake Thanksgiving greeting cards that lead to malware infection.

DHL phishing website

E-Skimming and Magecart Attacks

Even if shoppers take the necessary measures to stay safe while shopping online, they could be unknowingly facing threats even on legitimate e-retail sites. Skimming means stealing a cardholder’s credit card information using a device called a skimmer, usually installed in ATMs. E-skimming is the same practice, only online. Cyber criminals inject malicious code into legitimate websites and third-party suppliers of digital systems to steal credit card data as users submit it at a checkout page.

A specific hacking collective, known as Magecart, targets online shopping cart systems. They specialize in the Magento platform, stealing payment information that is then sold in credit card black markets. The group made the news recently for the largest credit card hack to date, with more than 2,500 online shops affected.
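Because e-skimming code reaches the checkout page through the site itself or through a third-party supplier, a site owner can inventory the scripts that page loads and flag the ones that need review. The following is an added example, not code from the original article: the allowlist, the use of Subresource Integrity (`integrity` attributes) as a check, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script> tag on the page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src"), a.get("integrity")))


def audit_checkout(html, page_url, allowed_hosts):
    """Return (src, finding) pairs for external scripts that need review."""
    page_host = urlsplit(page_url).hostname
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        if src is None:
            continue  # inline script: not checked by this example
        host = urlsplit(urljoin(page_url, src)).hostname
        if host == page_host:
            continue  # first-party file served by the shop itself
        if host not in allowed_hosts:
            findings.append((src, "host not on allowlist"))
        elif not integrity:
            findings.append((src, "third-party script without integrity hash"))
    return findings


# Constructed checkout page; all hosts and the hash value are placeholders.
PAGE_URL = "https://shop.example/checkout"
ALLOWED = {"cdn.payments.example"}
SAMPLE_HTML = """
<script src="/static/cart.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/fields.js"></script>
<script src="//stats-cdn.example/collect.js"></script>
"""

if __name__ == "__main__":
    for src, finding in audit_checkout(SAMPLE_HTML, PAGE_URL, ALLOWED):
        print(f"{finding}: {src}")
```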

Social Engineering Attacks

Similar to phishing attacks, threat actors can leverage other techniques to fool users into accessing malicious links or downloading malware in the context of Black Friday. One of the platforms that threat actors look to abuse is social media. Attackers set up fake social media accounts in order to lure online shoppers, who are looking for the best deal or searching for their favorite retailer, by providing links to fake websites to steal payment data or compromised sites that will infect the users. Cyber criminals may also attempt to compromise retailers’ legitimate accounts in order to share malicious links with their followers.

Unencrypted Financial Transactions

Shoppers should be very careful about providing their personal and credit card information on unsecured websites that do not properly implement HTTPS encryption. Unencrypted financial transactions are fertile ground for Man-in-the-Middle (MITM) attacks, in which attackers intercept and see all of the data traffic between the client browser and the web server.

Greater Ransomware Threat

The holiday season is known as a time during which most offices are closed, with employees spending time at home with their friends and families. Cyber criminals are aware of this, so this period, when most employees are not at work, is a perfect time for them to attempt to compromise corporate networks.

Recent history tells us that the most serious threat arising from this condition is impactful ransomware attacks, especially during holidays and weekends, such as Independence Day and Mother’s Day weekends. Attackers are likely to leverage this issue to encrypt corporate networks, interrupt business operations, and extort organizations for huge profits.

A Time for Caution

As people prepare to enjoy shopping at discounted prices, attackers are preparing ways to exploit this. If users are cautious throughout the year when making purchases online, they should be extra careful during this season, as scams and lures become more creative and sophisticated. Chances are that imprudent users will not realize that they have fallen victim to such attacks until it is too late.

Here are some of our recommendations for staying safe:

  • Make sure that you buy only from secure websites that encrypt traffic and display a valid SSL certificate.
  • Directly type retailers’ website names, and avoid clicking on URLs found in emails and text messages, especially from unknown senders.
  • Consider implementing Multi-Factor Authentication (MFA) in your e-commerce accounts, if possible.
  • Check the average price of a product and consider whether the price is too good to be true. If so, it is likely a scam.
  • When checking out, make sure that the site does not direct you to a different website.
  • Avoid opening emails from unfamiliar or suspicious sources.
  • Do not click on links or download attachments from suspicious emails. Hover over links before clicking on them.
  • Avoid emails, pop-ups, social media posts, or ads that offer deals that seem too good to be true.
  • Take note of the wording and grammar on the emails. Malicious emails tend to have many mistakes. If an official email message is fraught with errors, it is likely to be a scam.
  • Avoid using public Wi-Fi for online shopping, as it can expose you to attackers sniffing your personal information.
  • If your organization runs an e-commerce platform, make sure that its software is up to date and that all necessary patches are in place.
  • Consider using browser plugins such as NoScript, which can prevent JavaScript from loading from untrusted sites and therefore reduce the attack surface.
  • Download apps only from legitimate application stores, such as App Store and Google Play. Avoid downloading APKs from untrusted sources.
  • Check app reviews, the number of downloads, and the developer in order to decide if the app is legitimate or not.
  • Always check application permissions to see what your installed apps are allowed to do.
  • Monitor your bank account more regularly than usual during this season, in order to spot fraudulent activity as close to real time as possible.
  • Regularly update devices’ operating systems and apps.
  • Apply necessary protections against ransomware attacks:
    • Identify IT security employees for weekends and holidays who would be available to work during these times, in the event of an incident or ransomware attack.
    • Mandate strong passwords and ensure that they are not reused across multiple accounts.
    • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure that it is secure and monitored.
