New Report Lists Cyber Threats to Online Shopping

Social engineering activity, such as seasonal job scams, donation scams, and fake charities, is predicted to be rampant during the 2024 holiday period. This finding comes from the recently released 2024 Holiday Season Cyber Threat Trends Report, which details threats the retail, hospitality, and travel industries face during this time of year.

Another recent report points to the severity of holiday cybercrime: a Norton study reveals that nearly half (48%) of U.S. consumers say they have been targeted by a scam during holiday shopping online.

The Holiday Cybercrime Landscape: Key Threats

1. Ransomware Attacks: Ransomware remains the top threat during the holiday period, as seen in 2023. Scattered Spider attacks are also expected.
2. Social Engineering Scams: Cybercriminals exploit the holiday spirit through job scams, fake charities, and donation scams, tricking people into revealing sensitive data.
3. Account Takeover (ATO): ATO involves cybercriminals gaining unauthorized access to your accounts, leading to fraudulent purchases or gift card scams.
4. Phishing: Although slightly down from previous years, phishing via email, phone, and text is still prevalent, often masquerading as holiday deals.
5. Fraud and Bot Attacks: Bots and fraudulent schemes target consumers and retailers, using tactics such as credential stuffing and fake orders.

5 Key Tips for Safe Online Shopping

Hackers are waiting to exploit vulnerabilities in your devices and internet connections to steal personal and financial information. Follow these recommendations to shop smarter:

1. Keep Devices Updated: Enable automatic updates and use strong passwords. Enable multifactor authentication for better security.
2. Shop Only from Trusted Sources: Visit retailer websites directly. Look for “https:” in URLs and be wary of emails offering big discounts.
3. Use Secure Payment Methods: Pay with a credit card for better fraud protection and monitor your statements.
4. Limit Personal Information: Share minimal data online and report suspicious emails instead of engaging. There is no reason an online retailer needs to know your birthday, middle name, Social Security number, or any other personal information beyond your payment method and mailing address.
5. Avoid Impulse Clicks: Scams often include a sense of urgency designed to catch you off guard. The scammers hope that you will impulsively click a link for tracking information or download a receipt for an expensive order you did not place. Learn more here.

Impact of Holiday Shopping on Your Workplace

The best advice for online shopping at work and/or on work devices is don’t. Doing so can pose risks to your employer, including:

• Phishing and Malware: Clicking a malicious link on a work device can expose your company’s network.
• Data Breaches: Reusing passwords for personal and work accounts can lead to breaches.
• Productivity and Bandwidth: Non-work-related online activity can slow down company operations.

Protect your workplace with these simple steps:

• Use Personal Devices for shopping, not work devices.
• Avoid Shopping on Company Wi-Fi: Shop from home, not your workplace’s Wi-Fi network.
• Follow Company Cybersecurity Policies and secure work accounts with unique passwords.