• Categories
  • Recent Posts
  • Popular Posts
  • Popular Tags

  • A Cybersecurity Guide for Last Minute Holiday Shoppers

    Hey there, corporate heroes and savvy online shoppers!
    The festive season is upon us, and as we deck the halls and dive into the world of online shopping for the perfect gifts, it’s crucial not to overlook the ever-present threat of cyberattacks.

    Cybersecurity should be at the forefront of our holiday to-do list, given the increasing number of threat actors eager to exploit any vulnerabilities in the digitized world. In this article, we’ll delve into the reasons behind the need for heightened cybersecurity during the holiday season and provide practical tips to ensure a secure online shopping experience in 2023.

    Why Cybersecurity Matters During the Holidays
    To understand the significance of cybersecurity during the holiday season, let’s look at some recent statistics:

    • Human Element in Breaches: A staggering 74% of all breaches involve human elements, including errors, privilege misuse, social engineering, and the use of stolen credentials.
    • Retail Breaches: 37% of retail breaches stem from stolen payment card data, with 70% payment card breaches originating from web applications and 8% from Point-of-Sale servers.
    • Non-Payment/Non-Delivery Scams: During the 2022 holiday shopping season, non-payment/non-delivery scams saw over 12,000 victims with a loss of more than $73 million, as reported by the FBI’s Internet Crime Complaint Center (IC3).

    Common End-of-Season Holiday Cyberattacks

    As the year comes to an end our impulses are at an all-time high. Threat actors gear up for a surge in cyberattacks, capitalizing on the increased online activity and festive distractions. Understanding the most common cyber threats during this period is crucial for individuals and organizations to strengthen their defenses. Here are some top cyberattacks that tend to be prevalent during the end-of-season holidays:

    • Phishing Scams: Threat actors often deploy too good to be true phishing tactics to trick us into divulging sensitive information. Holiday-themed phishing emails may masquerade as special deals, shipping notifications, or even charitable appeals, preying on the spirit of giving.
    • Ransomware Attacks: The holiday season sees an uptick in ransomware attacks where malicious software encrypts a user’s data, demanding payment for its release. Threat actors exploit the urgency and emotional stress associated with the holidays to increase the likelihood of victims paying the ransom.
    • E-commerce Website Spoofing: Threat actors create fake websites mimicking popular e-commerce platforms, enticing users with too-good-to-be-true deals. Unsuspecting (last minute) shoppers may provide personal and financial information to these malicious sites.
    • Fake Mobile Apps: With the rise of mobile shopping, attackers develop counterfeit shopping apps that appear legitimate. Users downloading these apps risk exposing sensitive data, including credit card information, which could be used for malicious purposes.
    • Identity Theft: The holiday season sees a spike in identity theft attempts as threat actors aim to exploit the increased volume of online personal information. Stolen identities can be used for various fraudulent activities, from unauthorized purchases to opening fraudulent accounts.
    • Unsecured Wi-Fi Exploitation: Public Wi-Fi networks, commonly used during the holidays, can be a breeding ground for cyberattacks. Hackers may set up rogue Wi-Fi hotspots to intercept data transmitted over these networks, potentially gaining access to sensitive information.
    • Social Engineering Attacks: Threat actors use social engineering techniques to trick individuals into sharing confidential information. Holiday-related social engineering attacks may involve impersonating colleagues or friends, exploiting the festive spirit to lower victims’ guard.

    Cybersecurity tips for holiday season 2023

    Cybersecurity needs to be the star at the top of our holiday to-do list, especially when hunting for those perfect presents online. To lend a hand, we’ve gathered a few simple, easy-to-stick-to tips to ensure your e-shopping spree is a fun and secure online shopping experience.

    1. Think Before You Click: Take your time to review the links. Tip: hover over the URL and review the hyperlink for legitimacy. Attackers often trick users into clicking malicious links. If an offer seems too good to be true, it probably is.
    2. Secure Your Device: Ensure all devices used for shopping are secured with the latest updates and security patches. It’s like getting a flu jab for your devices, protecting them from all the bugs floating around.
    3.  Double Check the Website: Look for ‘https’ in the website URL, a locked padlock symbol, or a trust seal showing the site is secure. Remember, ‘s’ in ‘https’ stands for ‘secure’!
    4.  Use Secure Payment Methods: Credit cards or secure online payment services are your best bet for online shopping. Avoid direct money transfers that can’t be traced.
    5. Be Cautious of Fake Shopping Apps: Only download shopping apps from trusted sources to avoid falling prey to counterfeit applications.
    6. Watch Out for Phishing Notifications: Beware of phishing emails masked as holiday deals or notifications like “Track your delivery” or “Your card has been blocked.” They are traps by threat actors aiming to steal your information. As a rule, don’t entertain any unexpected or suspicious notifications. 
    7. Avoid using company devices or networks for online shopping
      You don’t want to accidentally introduce any cyber threats into your workplace. Let’s ensure our homes and offices stay as cheerful and secure as a well-lit holiday gathering.
    8. Minimize Personal Details and Optimize the Payment Process
      Provide only the necessary details at checkout and avoid creating unnecessary accounts. Let’s leverage secure payment platforms and be sure to decline requests to save payment details for non-frequent purchases.
    9. Use secure Home Wi-Fi Connection for Online Shopping
      Use your secure home Wi-Fi network to transmit crucial personal information, such as your name and delivery address, and confidently complete secure payment transactions.

    Remember, a secure digital space ensures a cheerful and worry-free holiday gathering, both at home and in the workplace.

    And, as you embark on your holiday shopping adventures, prioritize cybersecurity to protect yourself from potential threats. So, whether you’re a top-level executive, a mid-level manager, or an employee, it’s time to spread the word and create a cyber-secure environment this holiday season. By following these practical tips, you can securely navigate the online shopping landscape and enjoy a festive season filled with cyber-secure cheer. Stay safe, stay secure, and happy holiday shopping!

    References:

    https://www.cyber.gc.ca/en/news-events/federal-partners-remind-canadian-consumers-be-vigilant-cyber-threats-black-friday-and-cyber-monday
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-243a
    https://www.ncsc.gov.uk/guidance/shopping-online-securely

    December 14, 2023

    Cybersecurity, From Our Experts