Christmas shoppers worldwide are in full swing with the best deals, offers, and promotions in store and online, what’s not to love?
Data from banks and card issuers suggests consumers spent almost £9.2bn over the course of the Black Friday weekend. However, research also points to an extremely concerning spike in cyber attacks and fraudulent links sent around this time.
Beware of Phishing
Phishing emails have increased over tenfold in the last six weeks and currently, 1 in every 800 emails delivered is a malicious phishing attempt, compared to 1 in every 11000, at the start of October. These statistics are alarming, so it is important to take the necessary precautions to prevent your staff falling foul of malicious cyber crime.
Make sure your employees are vigilant when receiving emails claiming to have great discounts. It’s important to verify each and every sender, paying attention to the lettering, address, and extension. Phishing is by far the most common form of cyber attack.
For example, scammers may replace the letter O with a 0 or, add an extra letter to a company name in order to replicate their email address. Additionally, cyber criminals often use the time pressure of the weekend sales to their advantage, so be on guard.
By creating a sense of urgency, with a limited-time offer, or limited-supply announcement, criminals can encourage complacency and in a rush, your staff may fail to thoroughly vet the legitimacy of any given deal.
Additionally, be aware that the number of fake websites is steadily increasing, too. Fake websites will often be replicas of real businesses with the same product catalogue, but the key difference is you will never receive your order, and your business data will be compromised. Not only will you lose the cost of purchase but, this may lead to all of your company cards, and accounts, being available to the counterfeiters. Likewise, it’s important to make your customers aware of such scams.
Be Mindful of Magecart
A successful attack has the potential to cripple your business’ finances directly. The average loss attributed to a cyber attack amount to £4,294. This is significant, as research reveals that 40% of SMEs hold less than £10,000 in savings. As a result of cyber attacks, almost two in ten (18 per cent) small businesses reported that their client relationships had been damaged, while 13 per cent said that the attack had impacted the reputation of their business.
With an unprecedented number of shoppers relying on shopping online this year due to the pandemic, a focus for cybercriminals has been Magecart attacks, that inject malicious credit card skimming JavaScript code into online retailers’ HTML code. Magecart enables hackers to easily steal payment details and other personal data that consumers enter into online checkout forms. Magecart can be incredibly lucrative, and nearly undetectable. This type of attack can compromise all kinds of data, including full names, billing addresses, credit card details, phone numbers, passwords, and more.
Business data harvested from Magecart attacks is stored on criminally-controlled servers. It can take weeks before you realise that a domain checkout page has been compromised by the malicious code.
Denial of Service
Another common form of cyber attack is Denial of Service (DoS). Due to high-volume consumer activity, Black Friday and Cyber Monday are likely to be extremely valuable revenue streams for your business. These high-pressure sales environments are perfect for DoS attacks, which essentially block your websites from operating. These attacks are often used to blackmail companies, and request large sums of money, in exchange for the return of website operation. During these crucial shopping windows, you are likely to pay handsomely for the resumption of service, if you are being blackmailed. Hackers, of course, are aware of this, and seek to extort huge gains from you.
Unfortunately, these are only a few examples of the cyber attacks that can happen, especially during sales season. Considering that online shopping is most likely prevalent in your life and business, it is important to educate both yourself and all of your employees. Although it’s easy to fall into the “it won’t happen to me!” mentality, it is imperative to be realistic and understand that cyber crime can affect everyone. Big businesses, start-ups, individuals; everyone should be trained in both preventative methods and the right ways to react.
Cyber Security Awareness
Each and every member of your team has an important role to play in keeping your organisation safe. The risks are even higher at this time of year as employees may use work devices to take advantage of offers and sales. Therefore, having an effective cyber awareness programme and carrying out regular cyber security awareness training is critical to ensuring that your people understand key security risks. It can also help establish a more security-conscious culture across the organisation. As an organisation, knowing that your team have all received training in cyber security best practices will give peace of mind that the chances of a breach have been significantly reduced. As the cyber threats your organisation faces continually evolve, so should your training. Cyber awareness should be seen as an ongoing programme rather than just a one-off training course for new starters.
How can CyberCX help?
If you’re concerned about the threats of cyber attack and want to protect your organisation through cyber security education and training then get in touch to find out more about our education programmes in cyber security and prevention techniques.
