November 26, 2014 By Douglas Bonderud 2 min read

In 2013, Cyber Monday sales hit almost $2.3 billion, an increase of 21 percent over the previous year, according to USA TODAY. It looks as though 2014 will be another banner year, both for post-Black Friday shopping and the holiday season as a whole. However, as reported by the U.S. Computer Emergency Readiness Team (US-CERT), phishing scams and malware are also on the rise. How can consumers and companies avoid having their holidays hacked?

Winter Warnings

According to US-CERT, cybercriminals use a variety of methods to infect computers and steal personal information. These include e-cards from unknown senders that contain malicious links, along with fake advertisements or shipping notifications that come with malware-laden attachments. Misleading social media campaigns are now popular scams, asking holiday shoppers to donate money for “worthy” causes that do nothing more than line the pockets of malicious actors. Fake websites are also viable avenues for holiday hacks. Last year, CSO Online reported that almost 3,000 fraudulent websites were created using “Black Friday” or “Cyber Monday” as identifying terms.

The common denominator here is social engineering. Holiday phishing scams and malware target high-volume search terms and leverage the trust that comes with common seasonal activities such as shipping packages or browsing for deals online. Users are now familiar with this kind of social advertising, having been exposed to it through “recommendations” to buy items from popular retail websites based on past orders. As a result, great deals on electronics or other high-profile goods are often granted a measure of trust, even when they’re unsolicited.

Protecting the Presents

While it’s tempting to think of this problem as purely focused on consumers, businesses are also at risk. According to TrackVia, almost 70 percent of millennial workers admit to using mobile devices in ways that are contrary to corporate policies. These include anything from downloading unapproved apps to surfing the Web for great Cyber Monday deals on company time. If employees are hit with phishing scams, corporate networks can be the ones that pay the price.

So how do organizations and end users protect themselves? US-CERT offers the following advice:

  • Never follow unsolicited links or download anything from an unknown source.
  • Never supply personal information via email, even to a “reputable” vendor.
  • Keep browser software up-to-date.
  • Ensure all transmissions are encrypted.
  • Use credit cards, since laws exist to limit liability for fraudulent transactions. Not all debit cards offer the same type of protection.

In the event of a successful phishing attack or malware infection, users should take these four steps:

  1. Change all passwords that could have been compromised.
  2. Make sure any accounts that might have been compromised are put on hold and monitored.
  3. Contact local police and file a report with the Federal Trade Commission.
  4. File a complaint with the FBI’s Internet Crime Complaint Center.

While the last step may seem too cumbersome if loss amounts are relatively small, it is important nonetheless since more information about holiday cybercrime gives law enforcement agencies a better chance at catching those responsible.

Cyber Monday is just around the corner, but along with great deals comes the specter of phishing attacks and highly infectious malware. To avoid getting scammed, increased awareness is key. Don’t let holiday spirit cloud better judgment and hack the season for everyone.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today