November 26, 2014 By Douglas Bonderud 2 min read

In 2013, Cyber Monday sales hit almost $2.3 billion, an increase of 21 percent over the previous year, according to USA TODAY. It looks as though 2014 will be another banner year, both for post-Black Friday shopping and the holiday season as a whole. However, as reported by the U.S. Computer Emergency Readiness Team (US-CERT), phishing scams and malware are also on the rise. How can consumers and companies avoid having their holidays hacked?

Winter Warnings

According to US-CERT, cybercriminals use a variety of methods to infect computers and steal personal information. These include e-cards from unknown senders that contain malicious links, along with fake advertisements or shipping notifications that come with malware-laden attachments. Misleading social media campaigns are now popular scams, asking holiday shoppers to donate money for “worthy” causes that do nothing more than line the pockets of malicious actors. Fake websites are also viable avenues for holiday hacks. Last year, CSO Online reported that almost 3,000 fraudulent websites were created using “Black Friday” or “Cyber Monday” as identifying terms.

The common denominator here is social engineering. Holiday phishing scams and malware target high-volume search terms and leverage the trust that comes with common seasonal activities such as shipping packages or browsing for deals online. Users are now familiar with this kind of social advertising, having been exposed to it through “recommendations” to buy items from popular retail websites based on past orders. As a result, great deals on electronics or other high-profile goods are often granted a measure of trust, even when they’re unsolicited.

Protecting the Presents

While it’s tempting to think of this problem as purely focused on consumers, businesses are also at risk. According to TrackVia, almost 70 percent of millennial workers admit to using mobile devices in ways that are contrary to corporate policies. These include anything from downloading unapproved apps to surfing the Web for great Cyber Monday deals on company time. If employees are hit with phishing scams, corporate networks can be the ones that pay the price.

So how do organizations and end users protect themselves? US-CERT offers the following advice:

  • Never follow unsolicited links or download anything from an unknown source.
  • Never supply personal information via email, even to a “reputable” vendor.
  • Keep browser software up-to-date.
  • Ensure all transmissions are encrypted.
  • Use credit cards, since laws exist to limit liability for fraudulent transactions. Not all debit cards offer the same type of protection.

In the event of a successful phishing attack or malware infection, users should take these four steps:

  1. Change all passwords that could have been compromised.
  2. Make sure any accounts that might have been compromised are put on hold and monitored.
  3. Contact local police and file a report with the Federal Trade Commission.
  4. File a complaint with the FBI’s Internet Crime Complaint Center.

While the last step may seem too cumbersome if loss amounts are relatively small, it is important nonetheless since more information about holiday cybercrime gives law enforcement agencies a better chance at catching those responsible.

Cyber Monday is just around the corner, but along with great deals comes the specter of phishing attacks and highly infectious malware. To avoid getting scammed, increased awareness is key. Don’t let holiday spirit cloud better judgment and hack the season for everyone.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today