cyber attacks during the holidays
By
Ross Ingersoll, Holmes Murphy Executive Risk and Cyber Account Executive

It’s the season of giving, but word of warning, be careful of who you may be giving to. Let me explain. Earlier in 2019, online retail sales surpassed general merchandise stores for the first time ever. The days of internet and online shopping being just a “fad” have come a long way and, with evolvements such as advanced click-and-collect operations, ecommerce has never been simpler.

However, along with these changing times has come the evolution of crime. Criminals no longer need to wear ski masks and kick down doors. Instead, they’ve adapted with the times and conduct their “business” via the cyberspace — seeking to steal information through network hacking, ecommerce site breaches, point-of-sale breaches, and card skimming that they can then turnaround and sell in bulk on the dark web. Add in the holidays, and now we’ve got an even bigger opportunity for criminals.

With holiday season sales this year projected to exceed $1 trillion and 80 percent of consumers preferring to pay using a debit or credit card, you could say business is booming for cyber criminals. Consumers must be aware of exposures and how to protect themselves from falling victim.

In a recent installment of “Ask the Cybersecuirty Expert” hosted by Beazley, Sherri Davidoff, CEO of LMG Security, shed light on what criminals are doing to stay on the naughty list during the holiday season. Here’s a look at some of Sherri’s key points:

  • Infected e-cards. Holiday cards can spread cheer — and also malware. Criminals love to send cute holiday e-cards which entice you to click a link, but once you do, your computer is infected with malware that can steal your online banking credentials, credit card numbers, and more.
  • E-skimming. Cybercrime through web applications represents 63 percent of all theft, up significantly from 5 percent in 2014. Modern criminals target ecommerce sites and, in many cases, they break into third-party software providers to inject malicious code into thousands of websites at once. The code is designed to steal customer payment data as it is entered. Major retailer Macy’s fell victim to this already this holiday season.
  • Gift card scams. Gift cards are safe, secure, and an often thought of gift option with it ending up on 59 percent of people’s wish lists. Criminals are well aware of this popularity and, like in many cases these days, they have found a way to exploit it. Scammers impersonate your CEO or another executive and send emails to the office manager, executive assistant, or other staff asking them to purchase gift cards. Criminals leverage secrecy and urgency, as the cards are a surprise gift or reward for employees. The victim sends the card details to the scammer, who steals them and cashes out.
  • Fake retail deals. Do those deals you see sound too good to be true? Cybercriminals love to lure consumers into clicking on fake offers. Often, these phishing emails perfectly mirror real email blasts sent by Amazon or other big names.
  • Fake delivery notices. Trying to keep track of all your online deliveries to make sure they are arriving on time? Scammers pray on this, sending emails purporting to be from a shipping company such as UPS or FedEx and alerting you to track your package or that your package is delayed. These emails will contain links that seek to rob you of your personal information or download viruses into your computer.
  • Point-of-sale and ATM skimmers. Look carefully at that ATM or point-of-sale terminal before you insert your debit or credit card. Criminals can place “skimmers” to steal your credit or debit card number as you swipe.

So what can you do to protect yourself?

  • Consider using a mobile payment system, such as Apple Pay, Google Pay, etc.). Digital wallet platforms are a fantastic security measure since the wallet does not pass payment card details during the transaction. Instead, they substitute this sensitive data with a token equivalent that has no extrinsic or exploitable value.
  • Always think before you click. If you elect to click on a link within an email, hover your cursor over it first to preview where it will take you. If it is a straightforward URL, you’re likely OK. But, if it is a longwinded, jumbled site, stay away. Better yet, alternatively, type the store’s address directly into your browser to look for the holiday offers on the website, track your order, etc.
  • Look at devices carefully before using. At physical point-of-sale or ATM terminals, look carefully at card readers and PIN pads for unusual signs, such as cracks, loose parts, convex features, or scratches. If you notice anything suspicious, don’t use that machine.
  • Never assume. Don’t assume a message that looks like it’s from a friend or business associate is real. Call or email the person from predetermined contact information to confirm the legitimacy prior to opening an attachment, following through with a purchase or transfer of funds, or clicking on a link.
  • Carefully consider the security of a website. Is the web address a URL with HTTPS, which adds a layer of encryption? Is there a visible privacy policy at the bottom of every page detailing the data they are collecting and how they are using it? Is the site requesting any unnecessary or unusual personal or financial information?
  • Install and maintain anti-virus software, firewalls, and email filters to reduce fraudulent traffic. Additionally, set this software to update automatically.

Worst case, if you have been a victim of an online scam or any other cyber fraud, report it to the FBI’s Internet Crime Compliant Center or call your local FBI office as soon as possible.

Be safe out there and happy holidays!