The holiday season is finally here, and so is the yearly holiday cybercriminal surge. As gift-givers look online for the best deals, cybercriminals put in work to profit off the holiday shopping craze. Cybersecurity researchers report this holiday fraud cycle has established itself in the last few years. The constant hustle and bustle of transactions and shopping patterns have created countless opportunities to capture payment data to attempt fraudulent transactions. Read on to learn which phishing tactics you should keep an eye out for this holiday season.
Phishing activities experience an annual spike right around the holiday season, and this year is expected to be a bad one due to more people shopping online because of the pandemic. The use of e-commerce phishing URLs has steadily increased over the last couple of years, and it will continue. The holiday lures are plentiful from cybercriminals, who are trying everything from order confirmation email scams and SMS to enticing promotional offer emails.
Promotional Scams and Domain Impersonation
Many phishing emails are paired with very convincing domain impersonation scams that act as simple e-commerce operations by running lookalike retail impersonation websites that ape both big and small brands. Most of them are tied to social media impersonations. They typically promote “unbeatable” deals and a sense of urgency with “limited-time deals” that convince consumers to give up their payment deals.
Criminals work overtime to direct automated bots to carry out any credential stuffing attacks that try credentials stolen from one website on a bunch of other different websites in case the victim reuses passwords. These bots carrying out account takeover attempts reach their peak right around Black Friday, and they can represent a large portion of retailer traffic during this time. Typically, the human-to-bot ratio on these login pages is about two to one on an average day, but it is about one to twenty around the holidays. If you run an e-commerce website, a proper network security plan or firewall installation can prevent most of these bots from gaining access to your website.
After attackers have harvested accounts and begin to monetize with card fraud, they transition the bot activity onto another lucrative venue: advertisement fraud. This typically happens right after Cyber Monday, and it has steadily increased within the last few years.
If you are concerned your website, whether it be a basic company website or an e-commerce website, is at risk of hackers gaining access during the holidays, give En-Net Services a call today! We can help you develop a comprehensive and smart security plan for the best protection!
En-Net Services Can Help Today
Experience a superior method of getting the public sector technology solutions you need through forming a partnership with En-Net Services. Our seasoned team members are familiar with the distinct purchasing and procurement cycles of state and local governments, as well as Federal, K-12 education, and higher education entities. En-Net is a certified Maryland Small Business Reserve with contract vehicles and sub-contracting partnerships to meet all contracting requirements.