The Anatomy of Holiday Season Cybercrime

As we wrap up October and the holiday season begins, it’s important to discuss the increased cyber threats most people will face over the next three months and provide a few tips and insights that will hopefully allow you to protect yourself from becoming a victim.

While cyber threats exist throughout the year, hackers increase their activities during the holidays for a few unique reasons. The first reason cybercriminals capitalize during the fourth quarter every year is people increase their shopping, sometimes making purchases at multiple stores in a relatively short period of time. Now I know what you may be thinking, “I do that all year long,” but here’s the thing: Cybercriminals don’t wake up October 1 and decide to hack your favorite clothing boutique down the street. No, they started their campaign at least six months prior, implanting monitoring viruses on the retail store’s network. These viruses allow the cybercriminals to quietly watch transaction patterns, harvest credit card numbers, and—in some cases—divert the sales proceeds to accounts of their choosing. All of this, without ever having stepped into that chic boutique. But this doesn’t just happen at small, locally-owned businesses, it’s even happening to retail giants and online sales platforms!

PRO TIP #1 – Check your bank account at least twice a day to ensure there is no fraudulent activity on your accounts.

Which brings us to the second reason cybercriminals are so successful during the holiday season. Retailers, especially ones with an online sales presence, become vastly overwhelmed. Not just by the increased sales activity, but also the increased network traffic which can be a nightmare for some IT departments. According to digitalcommerce360.com, 2021 online holiday sales reached $211.41 billion, up 10.0% year-over-year, and up 54.9% compared with the 2019 holiday season. Expectations are that 2022 will continue that trend, and experts believe online sales will hit $2 trillion per year by 2030. In the fast-paced market of sales, companies have leaned more towards making money than spending it to strengthen their security infrastructure. This makes it incredibly difficult for IT and Security staff to keep up with alert notifications and system maintenance—which in turn provides cybercriminals the opportunities to exploit vulnerabilities.

PRO TIP #2 – Keep an eye out for news stories about data breaches. That favorite boutique may be the next big story!

I equate this type of activity to an old episode of I Love Lucy (I’m dating myself here), where Lucy and Ethel work in the chocolate factory and the conveyer belt malfunctioned, speeding it up, leaving her unable to keep up with her duties. Chaos soon followed. And as we have all seen many times before, art imitates life!

Before we move on, consider this, while most business professionals wake up to strategize how to mitigate cyber threats that occurred yesterday, last week, last month, or even last year, cybercriminals wake up pondering cyberattacks that won’t happen until next year or even the year after! We are always going to be one step behind, because with every new technology innovation, at least two cyber threats are born into existence.

The third reason these holiday cyber threats are so successful is not because of some new theft tactic or cutting-edge technology; it’s because humans are and will forever be the weakest link in security. Social engineering has been a tactic used around the world for thousands of years, and has proven itself to be the most effective when it comes to cyber threats. We’ve all seen the email from the foreign prince that needs our help. We’ve all received the phone call about our auto warranty expiring. But we are now seeing new designs of old tactics. Cybercriminals have begun impersonating financial institutions, sending text messages about your account being locked with a link to resolve the issue. Making robocalls, asking you to hold on the line to speak to a representative. These aren’t always random communications either. Cybercriminals will purchase your information through the dark web, which has now become a warehouse of personally identifiable information (PII). Criminal groups will pay people to dive into trash heaps to find any information that can be used to steal your money or identity.

PRO TIP #3 – Buy a crosscut paper shredder and shred documents prior to disposing of them.

Cybercriminals will also dedicate resources to hack your email account, which allows for two things to happen: first, making it possible to obtain vital information that would assist them in stealing your identity or at the very least knowing the bank you use; and second, it gives them access to your contact lists and potential new victims. Weak passwords and lax paper disposal practices are what cybercriminals are hoping for.

PRO TIP #4 – Use a complex passphrase, a sequence of words or other text used to control access to a system or data, that combines letters, numbers and special characters, as well as words that would not easily be associated with your daily life.

So, the question is, will you give cybercriminals what they want? Or will you partner with First Foundation for a stronger, safer cyber future!

INSIGHTS FROM FIRST FOUNDATION

A First Foundation Blog