Shopping, and online shopping in particular, reaches its peak during the holiday season.

Unfortunately, that means it’s the ideal time for cyber criminals to take advantage of consumers and businesses. Whether it’s Cyber Monday, Christmas, or Boxing Day, fraud attempts have historically increased during the holiday season.

Australians lost more than $2.7 billion to scams in 2023, with around 600,000 reports recorded through ScamWatch (an 18% increase on 2022).

To help keep your organisation, and your employees' family members, cyber safe, here are the 4 most common holiday scams that can negatively affect companies during the holiday season.

Phishing-as-a-service (PhaaS)

Many organisations are victimised by phishing-as-a-service (PhaaS), and this has become an important reason why businesses need to protect themselves against cyber attacks. Purchasing phishing software on the dark web is cheap and easy for criminals, and the benefits are huge. This criminal service operates similarly to a legitimate SaaS: a vendor sells a licence for phishing software and templates to an individual or syndicate, and then keeps a percentage of the 'revenue' or charges a monthly licence fee.

When it comes to holiday scams, cyber criminals typically target customer information like payment details. With PhaaS, cyber criminals use their skills to assist or recruit others to commit cybercrimes.

Cyber criminals typically aim to conduct business on the dark web and sell their products and services consisting of stolen personal information, card details, target lists, and fake domains.

PhaaS allows criminals to easily, cheaply, and frequently commit cyberattacks against unsuspecting customers and businesses. These attacks typically target or impersonate major brands, and are most prominent over holiday periods, when a lot of online shopping and parcel deliveries are expected.

To avoid falling victim to PhaaS, businesses can take steps like training employees to spot suspicious emails using phishing simulation training, checking for increases in bot traffic, keeping anti-virus software updated, and authenticating emails.

Fraudulent package delivery notices

The holiday season is the biggest time of the year for sending and receiving gifts. One of the most significant elements of the season is that packages arrive at unexpected times without prior notice.

Cyber criminals are aware of this and can even send realistic-looking delivery failure notifications to your customers, so that they will contact you and perhaps reveal their personal information in order to reach your establishment.

While your business may not be liable in such scenarios, they can create a bad impression of your business with the affected customer and with other customers, who may deduce that your business does not have the proper security infrastructure to protect customer details.

This is why your business should have a proper notification system that updates the customer at every step of the delivery process, so that they always know the status of their goods.

Grinch Bots

Grinch Bots are automated programs that scour retail websites to purchase items in bulk the moment they become available. Named after the famous Dr. Seuss character, these bots don’t just steal Christmas—they hijack the joy of shopping by hoarding popular items, which can then be resold at exorbitant prices on secondary marketplaces, or even used to drive traffic to a scam website. They’re often used to target high-demand products like gaming consoles, sneakers, or exclusive collectibles and event tickets.

These bots work faster than any human could, bypassing CAPTCHAs and other security measures to complete purchases in minutes. As a result, many genuine shoppers find "out of stock" notices almost immediately.

This often leads shoppers to seek alternative retailers to purchase from. Scammers exploit this by sending phishing emails or placing ads on social media with fake deals or counterfeit products - in effect double-dipping on this retail scam. Always verify URLs and avoid clicking on unfamiliar links, especially those promising "unbeatable" prices.
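One way a retailer could act on the Grinch Bot behaviour described above is to check order logs for bulk or repeated purchases placed within seconds of a product release. This is an added example, not code from the original article; the log format, client and SKU names, release time, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample order log: timestamp, client id, SKU, quantity.
SAMPLE_ORDERS = """\
2024-12-01T09:00:02 client-a CONSOLE-X 5
2024-12-01T09:00:03 client-a CONSOLE-X 5
2024-12-01T09:00:04 client-b CONSOLE-X 4
2024-12-01T09:03:40 client-c CONSOLE-X 1
2024-12-01T09:00:05 client-a CONSOLE-X 5
2024-12-01T09:07:15 client-d CONSOLE-X 1
"""

# Constructed release time: when the item became available for purchase.
RELEASES = {"CONSOLE-X": datetime.fromisoformat("2024-12-01T09:00:00")}

# Assumed thresholds; tune them against your own store's baseline traffic.
HUMAN_MIN_SECONDS = 30   # a person rarely completes checkout this quickly
BULK_UNITS = 3           # units per client in that window treated as bulk


def parse_orders(text):
    """Yield (timestamp, client, sku, quantity) from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, client, sku, qty = line.split()
            yield datetime.fromisoformat(ts), client, sku, int(qty)


def flag_suspected_bots(text, releases=RELEASES):
    """Return {client: [reasons]} for clients whose orders look automated."""
    units, orders = defaultdict(int), defaultdict(int)
    for ts, client, sku, qty in parse_orders(text):
        if sku not in releases:
            continue
        elapsed = (ts - releases[sku]).total_seconds()
        if 0 <= elapsed < HUMAN_MIN_SECONDS:   # inside the release window
            units[client] += qty
            orders[client] += 1
    flagged = {}
    for client in units:
        reasons = []
        if units[client] >= BULK_UNITS:
            reasons.append("bulk purchase within seconds of release")
        if orders[client] > 1:
            reasons.append("repeated orders within seconds of release")
        if reasons:
            flagged[client] = reasons
    return flagged


if __name__ == "__main__":
    for client, reasons in flag_suspected_bots(SAMPLE_ORDERS).items():
        print(client, "->", "; ".join(reasons))
```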

E-card danger

E-cards have made a comeback since 2020 and have seen significant growth over the years.

One of the most inviting aspects of an e-card is that it can be sent to anyone in the world at any time, which is also what makes this a favourite among cyber criminals.

Whether you’re an individual or a business, everyone receives e-cards that spread holiday cheer, but unfortunately, cyber criminals have designed e-cards that can install data-leeching programs on your device and do untold damage without your knowledge.

For businesses, this can be a daunting prospect, as many suppliers, clients, and other stakeholders send holiday greetings by email and fraudulent emails can get lost in the mix. An unsuspecting employee could cause a lot of damage by opening the wrong email, even one from an unfamiliar sender, thinking that it’s a harmless holiday greeting.

Advise employees to steer clear of emails from unknown senders. Emails that seem out of the ordinary can be malicious and should be reported to your IT department.

Offering mandatory cyber security training programs that focus on holiday scams can be a great exercise in ensuring that your employees can identify and take the proper precautions to prevent data breaches.  

Mobile device scams

Businesses often provide employees with company-maintained devices like laptops, mobile phones, and tablets that help them perform their jobs from remote locations around the world.

One of the biggest ways that holiday scams can impact you is through mobile games or apps. Imagine you’re waiting to take a flight home for the holidays and while you’re waiting for your flight to board you open your device and install a game or app to pass time. Mobile games can steal your password and other data from your device. Doing a quick search about the validity of the app can give you a good idea about whether it’s safe to download.

Be sure to read the permissions on the app carefully. Some apps may include a request that asks your permission to send your data to a third party – a step that might not be essential for the app's usability.

With most people using their official mobile devices for personal use as well as business, the risk of this happening is quite large, especially during the holidays when employees tend to browse the web and try out different apps. Protect your employees by putting the education in the palm of their hands with our mobile phone and tablet education course as part of our cyber security awareness training.

Preventing holiday scams starts with the individual

Let's make the strongest link in any organisation human behaviour. The best way to prevent holiday scams from sailing away with your sensitive information is through awareness and education.

If you would like a confidential in-depth chat about how we can help you, please reach out to our team today on 1300 407 682 or info@phriendlyphishing.com.au