November 26, 2014 By Douglas Bonderud 2 min read

In 2013, Cyber Monday sales hit almost $2.3 billion, an increase of 21 percent over the previous year, according to USA TODAY. It looks as though 2014 will be another banner year, both for post-Black Friday shopping and the holiday season as a whole. However, as reported by the U.S. Computer Emergency Readiness Team (US-CERT), phishing scams and malware are also on the rise. How can consumers and companies avoid having their holidays hacked?

Winter Warnings

According to US-CERT, cybercriminals use a variety of methods to infect computers and steal personal information. These include e-cards from unknown senders that contain malicious links, along with fake advertisements or shipping notifications that come with malware-laden attachments. Misleading social media campaigns are now popular scams, asking holiday shoppers to donate money for “worthy” causes that do nothing more than line the pockets of malicious actors. Fake websites are also viable avenues for holiday hacks. Last year, CSO Online reported that almost 3,000 fraudulent websites were created using “Black Friday” or “Cyber Monday” as identifying terms.

The common denominator here is social engineering. Holiday phishing scams and malware target high-volume search terms and leverage the trust that comes with common seasonal activities such as shipping packages or browsing for deals online. Users are now familiar with this kind of social advertising, having been exposed to it through “recommendations” to buy items from popular retail websites based on past orders. As a result, great deals on electronics or other high-profile goods are often granted a measure of trust, even when they’re unsolicited.

Protecting the Presents

While it’s tempting to think of this problem as purely focused on consumers, businesses are also at risk. According to TrackVia, almost 70 percent of millennial workers admit to using mobile devices in ways that are contrary to corporate policies. These include anything from downloading unapproved apps to surfing the Web for great Cyber Monday deals on company time. If employees are hit with phishing scams, corporate networks can be the ones that pay the price.

So how do organizations and end users protect themselves? US-CERT offers the following advice:

  • Never follow unsolicited links or download anything from an unknown source.
  • Never supply personal information via email, even to a “reputable” vendor.
  • Keep browser software up-to-date.
  • Ensure all transmissions are encrypted.
  • Use credit cards, since laws exist to limit liability for fraudulent transactions. Not all debit cards offer the same type of protection.

In the event of a successful phishing attack or malware infection, users should take these four steps:

  1. Change all passwords that could have been compromised.
  2. Make sure any accounts that might have been compromised are put on hold and monitored.
  3. Contact local police and file a report with the Federal Trade Commission.
  4. File a complaint with the FBI’s Internet Crime Complaint Center.

While the last step may seem too cumbersome if loss amounts are relatively small, it is important nonetheless since more information about holiday cybercrime gives law enforcement agencies a better chance at catching those responsible.

Cyber Monday is just around the corner, but along with great deals comes the specter of phishing attacks and highly infectious malware. To avoid getting scammed, increased awareness is key. Don’t let holiday spirit cloud better judgment and hack the season for everyone.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today