Closing the doors for hackers on a holiday shopping spree: SMB and consumer edition

Over the past several years, holiday shopping trends have shifted significantly. Standing in long lines or driving to crowded malls has been replaced by browsing on social platforms and entering discount codes at website checkouts. This year, Cyber Monday online sales hit an all-time high, reaching a nearly 20% year-over-year increase with online shoppers spending $9.4 billion.

However, the allure of single-day shopping sprees has been extended to encompass a full season. Since November 1st, shoppers have spent a record-setting $81.5 billion. In the days and weeks ahead, the figures will continue to add up as the shopping boon crescendos on Christmas and continues for weeks to come.

While this is excellent news for SMBs, bad actors have also taken notice. Hackers are zeroing in on this holiday shopping season as the perfect opportunity to siphon off money and credentials from unsuspecting consumers and unprepared companies. Fortunately, neither party is defenseless in this regard. Follow along to learn how we can work together and protect our privacy and security this holiday season, keeping spirits high to usher in 2020.

Shoppers Beware
2019 is on pace to be the worst year yet for data breaches, and hackers are capitalizing on the treasure trove of information available from these events to execute phishing scams targeted at shoppers. In November, the number of e-commerce phishing URLs accessed or sent via email spiked . Already, instances of this malicious activity are up 233% since November 2018.

Amidst the slew of holiday deals, it’s easy for cybercriminals to send phishing links or exploit shoppers with seemingly valid websites that deploy hallmarks of internet security, like HTTPS encryption. In 2018, the risk was so severe that the Cybersecurity and Infrastructure Security Agency issued a warning to consumers, urging them to “be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identity theft, or financial loss.

Collectively, these threats increase the impetus for consumers to be vigilant about evaluating their digital communications during the busy holiday shopping season. Moreover, they should protect their accounts using strong, unique passwords while enabling two-factor authentication whenever possible. It’s estimated that the vast majority of consumers, as many as 66%, use weak passwords to protect their accounts, and more than half use the same password across multiple logins.  In other words, simple password management is a foundational practice for guarding against cybercrime and stopping the Grinch from finding his way to the presents underneath your Christmas tree. 

Additionally, credit and identity monitoring services can identify compromises in early stages, giving consumers a chance to respond before fraud ensues. Minimizing third-party data sharing can reduce your exposure to bad actors. Ultimately, the threat landscape is growing exponentially, and everyone has a part to play towards mitigating risk and staying safe.

Good Business is Good Security
While consumer data breaches can be wrapped up and sold on the Dark Web at a bargain price, hackers see e-commerce businesses as the big-box presents waiting to be opened up.  Often, phishing and malware are deployed to compromise critical data, hold business operations for ransom, and jeopardize a business’s bottom-line. 

For example, Magecart and other prominent payment skimming malware have compromised thousands of company records. In total, it’s estimated that more than 50,000 companies worldwide have been impacted by payment skimming malware.

Moreover, as the holiday season often brings out the best in people, it also provides an inroad for cybercriminals to dupe employees. Hackers capitalize on giving spirits during the holiday season by eliciting fraudulent donations or siphoning off authentic contributions. Once again, phishing techniques and fraudulent credentials equip bad actors to easily steal millions during this time of year.

Therefore, retailers, restaurants, particularly those hosting loyalty programs and online shopping carts, must protect their employees and customers. For starters, phishing scams are only effective if recipients engage with the material. Providing or renewing employee awareness training can help mitigate the latest threat trends. Moreover, Dark Web monitoring can prepare your organization for customer breaches and future misuse. Education promotes data security, while ignorance creates an environment where cybercriminals thrive.

Conclusion
Reputation damage and customer attrition are two of the often-unseen consequences of a data breach, and great bargains at checkout are quickly forgotten when customer data is stolen. December is the perfect time to evaluate how cybersecurity fits in to your customer satisfaction, marketing, and overall business development efforts.

Malware and other maladies only take root when indifference is the dominant cybersecurity strategy. Before consumers spend millions on your platform, ensure that your technology is supporting your priorities, rather than giving your customers a reason to leave. Monitoring the Dark Web for stolen credentials can fortify your defensive posture and alert customers before they are exposed to fraud, building enduring relationships and brand loyalists along the way.

Now is the time for retailers and the customers to team up against hackers, and ID Agent is ready to assist your cybersecurity priorities. Whether providing comprehensive phishing scam awareness training through our BullPhish ID^TM  offering or deploying Dark Web ID^TM to identify stolen information, we have the tools to keep your holidays merry and bright.

{{cta(‘4d473f40-19d1-4d94-a596-311eecbe7d3a’,’justifycenter’)}}