‘Tis the season for cyber-scams, according to the new Holiday Threat Report from Carbon Black. The report compared cyber-attack data over the last two years and found that once cyber-attacks spike on Cyber Monday, they will likely remain elevated throughout the holiday season.
The holiday season of 2016 saw a 20.5% surge in attempted attacks, but by 2017 global organizations encountered a 57.5% increase in attempted attacks during the holiday shopping season, with the greatest number of attempts happening in the days following Christmas, according to the research.
“The majority of these attempted holiday-related cyberattacks were the result of commodity malware, commonly delivered through spear-phishing campaigns. In recent years, attacks targeting major retailers (often through supply chain partners) have resulted in the loss of millions of customer records and credit card numbers as well as major breach costs for the targeted organizations,” the report stated.
The report also found that employees who worked remotely while traveling were the target of spear-phishing campaigns offering discounted airfare or gift card deals.
“The holiday season is one of the most opportune times for cyber-criminals, who look to take advantage of unsuspecting consumers with spear-phishing emails promising holiday deals that are too good to be true,” said Tom Kellermann, chief cybersecurity officer, Carbon Black.
“As a consumer, it’s important to pay extra attention to an email’s grammar, URLs and sender alias. If anything seems ‘phishy,’ do not open, acknowledge or click through. Additionally, never download attachments or open links unless coming from a verified, trusted source. If anything seems off, immediately seek verification,” said Kellermann.
“For businesses, the holiday shopping season is a time to prioritize vigilance while safeguarding sensitive data, with attempted cyber-attacks against businesses increasing an alarming rate between Black Friday and New Year’s Day. Retail businesses specifically are often understaffed while operating during the busiest time of year, meaning cybersecurity can sometimes take a backseat–creating an ideal situation for cyber-criminals.”