X-Industry

Holiday Retail Cyber Scams

Posted by Jim McKee on December 17, 2024 at 8:00am

13330566897?profile=RESIZE_400xDarktrace reported on 04 December 2024 a surge in retail cyberattacks at the opening of the 2024 holiday shopping season. Analysis from Darktrace's threat intelligence team using data from across the Darktrace customer fleet shows that during Black Friday week (November 25-29), attempted Christmas-themed phishing attacks leaped 327%[1] around the world, while Black Friday-themed phishing attacks jumped 692% compared to the beginning of November (4-9)[2], as bad actors seek to take advantage of consumers and holiday brands during the busy shopping period.

The United States retail sector faced an incredibly aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands[3], including Walmart, Target, and Best Buy, increasing by more than 2,000% during peak shopping periods.
The analysis also highlighted the shifting attention of scammers as the festive season arrives, from targeting business to consumer needs, with the impersonation of major consumer brands[4] growing 92% globally between the analyzed periods while mimicking of workplace brands [5] declined by 9%.

See: https://redskyalliance.org/xindustry/tis-the-season-for-scamming-again

Brands, preeminent retailers like those analyzed, invest significantly in protecting themselves and their customers from scams and cyberattacks and often step up those measures for the holiday period. However, brand impersonation in phishing occurs entirely outside retailers' legitimate infrastructure and security controls and happens at too great a volume for brands to catch and stop every instance. While new technologies, like AI, are helping security teams close the gap, brand impersonation remains a common challenge for brands. "The festive shopping season creates a perfect storm for cybercriminals," Nathaniel Jones, VP of Threat Research at Darktrace, said. "Consumers are primed to expect floods of retail deals, while retailers are processing tremendous transaction volumes quickly. This combination makes spotting suspicious patterns more challenging than any other part of the year. Bad actors taking advantage of that with brand impersonation is nothing new, but the rapidly growing volume of those attacks makes them a real worry," Jones added. "Both consumers and brands need to be increasingly alert to potential scams, but we can all take heart that big-name retailers have some of the most sophisticated protections possible to help safeguard their customers and technologies like AI cybersecurity, that spot spoofs and attacks that humans wouldn't, are catching and stopping more of these attacks than ever before."

Darktrace's findings demonstrate some of the most common brand spoofing strategies attackers use during the holiday season. In one strategy, brand impersonation phishing, attackers send a phishing email designed to look like a favorite retailer, enticing their target to click a link for a discount when, in fact, the link downloads malware to their device.

The most effective attacks are multi-stage: brand impersonation emails lead unsuspecting shoppers to websites that look like the retailer but harvest login or payment details, creating a seamless deception that hands personal and financial data directly to attackers. This coordinated approach exploits the chaos of holiday sales, when shoppers are primed to expect high volumes of retail emails and website traffic promoting significant savings.

Five essential security measures for retailers - With the festive season in full swing, retailers must stay vigilant against rising cyber threats. Here are five tips to help businesses protect themselves and their customers:

  1. Make logins secure - Ensure all staff have strong passwords (12-16 characters). Set up multi-factor verification across all business systems. This extra layer of security means that even if passwords are compromised, unauthorized users can't access your accounts during the busy retail period and use them to target your customers.
  2. Lock down email - Call your IT team to ask if they have DMARC switched on. DMARC stops scammers from sending emails that look like they’re from your company and helps you see who is illegitimately sending from your email domain to protect your brand
  3. Prepare your team - Regular security training and business-wide communications help staff identify and report seasonal scams. Focus on current threats and emerging patterns—when your team knows what to look for, they become your strongest defense against cyber-attacks.
  4. Monitor brand impersonation - Set up Google Alerts to track mentions of your brand and warn you of counterfeit websites and fraudulent domains. Also lock down your brand name with official registrations. This makes spotting and shutting fake accounts and copycat websites easier. Several brand protection tools out there can help catch imposters, too. Quick detection enables you to respond rapidly to brand exploitation and protect your customers from sophisticated scams.
  5. Strengthening payment processes - Implement tiered access policies with stricter controls for finance team members who handle transactions. Apply more rigorous authentication and monitoring requirements compared to non-financial roles, ensuring sensitive payment operations are limited to authorized personnel.

 

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424

 

Sources:
[1] Based on an analysis of 626 customer deployments and attempted phishing emails mentioning Christmas that were detected by Darktrace / EMAIL.
[2] Emails in the analysis mentioning "Black Friday" or "Cyber Monday."
[3] Walmart, Target, Best Buy, Macy's, Old Navy, 1-800-Flowers
[4] Amazon, eBay, Netflix, Alibaba, PayPal, Apple
[5] Oracle, Zoom, Adobe, Microsoft Exchange, Microsoft Outlook, Microsoft Teams, Slack, WeTransfer, DocuSign, SharePoint, LinkedIn, Dropbox

Views: 6
Tags: tr-24-351-003, holiday scams, black friday scams, cyber monday scams, online shopping scams, e-commerse scams, gift card scams, holday phishing scams, fake online store
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!