BLOG ARTICLE

Business alert: Protect against rising holiday cybersecurity threats

With the holiday season fast approaching, businesses must take steps to safeguard themselves against the upcoming annual increase in cybersecurity threats.

A cybercriminal uses a laptop and targets holiday shoppers. A shopping cart is displayed above, a warning of the threat.

Leading up to the holiday period, busy consumers turn to online stores as a preferred shopping method, and most businesses expect to see a rise in profits. But while e-commerce activity and sales increase, so do the opportunities for cybercriminals, and the effects on businesses – as well as their customers – can be devastating. 

The second half of 2023 saw a 110% rise in gift card fraud and a collective surge of over 700% in scraping, loyalty card, and payment card fraud.

The annual spike in holiday season cyber fraud is a major concern for e-commerce, banking, and many other businesses that focus on the retail, travel, or hospitality space, encouraging them to rethink how they protect their assets, reputations, and customers. All businesses must adopt proactive preventative measures ahead of the holiday season to combat the increase in cybersecurity threats during this time.

The words 'Online Shopping' are displayed on a laptop, with a background of shopping icons. It shows a buyer's experience.

Holiday cyberthreat evolution: Understanding the changing nature of risks

The growing popularity of online shopping during the 90s led to a rise in cybersecurity threats like website vandalism (which saw attackers modifying companies’ websites without their knowledge) and basic phishing. In 2010, e-commerce platforms like Amazon contributed to seasonal sales reaching $648 million, while global cybercrime losses hit $388 billion.

 

In 2023, holiday e-commerce sales grew to $221.1 billion, but as profits soared, so did cybersecurity threats, particularly AI-powered phishing. On top of that, companies such as 23andMe.com were forced to address credential stuffing attacks. The cybercriminal responsible was able to gain access to around 14 000 accounts, and the company has since notified those affected and increased security measures.

 

With 2024’s holiday season around the corner, organizations must prepare to defend against an increase in phishing, generative AI, and social engineering attacks. In the next section, we’ll cover how you can safeguard your company and customers against these threats.

A closer look: What causes the rise in holiday cybersecurity threats?

The holiday season is a prime time for cybercriminals to strike using tactics like fake charities, knockoff online stores, and gift card scams to achieve their malicious aims. But why is this season such a magnet for cybercrime? Here are a few reasons:

1. Increased transactions & e-commerce

The holiday season sees a big jump in online shopping activity, with many customers taking advantage of Black Friday sales and buying gifts for loved ones.

 

One of the most popular attack methods over the holidays is gift card-related fraud, totaling losses of $217 million last year. Cybercriminals often target consumers who don’t necessarily know the risks of gift cards, taking advantage of their vulnerability. Gift cards’ continued popularity – 50% of U.S. consumers planned to buy gift cards in 2023 due to convenience – worsens the issue as shoppers may focus more on ease of use than on the risks involved. 

 

Another type of attack on the rise during the holidays is typosquatting – where cybercriminals slightly misspell the domains of well-known e-commerce websites. This tactic is closely related to lookalike domains, which use visual similarities in URLs to trick customers. The end goal of both is to scam shoppers into believing that they’re buying from a trusted, legitimate website. 

2. Email-related threats

Many consumers expect an increase in promotional emails as the end of the year approaches. While online stores advertise their seasonal sales, cybercriminals aim to dupe vulnerable customers through phishing, spoofing, and impersonation attacks.  

  

E-commerce giant Amazon has started issuing warnings to help educate shoppers and prevent them from falling victim to threat actors. The company reported that phishing incidents doubled in the second half of 2023, with the most common tactic involving scammers impersonating Amazon representatives to steal customer data.  

 

“A big red flag is when they start to ask for money or payment information over the phone or by email. That’s something we would never do,” said Scott Knapp, Amazon’s Director of Worldwide Buyer Risk Prevention.

3. Distracted workforce

Employees are more distracted over the holiday period, either focusing on upcoming personal events or experiencing an increase in holiday-related work tasks like managing last-minute sales, processing higher volumes of customer inquiries, and handling holiday promotions.  

 

This overwhelm often creates more opportunities for social engineering attacks, fraudulent requests, and unauthorized transactions to go unnoticed, making businesses more vulnerable to cyberattacks during this season. 

Strengthening your business’s cybersecurity ahead of the holiday season is essential to its protection. Check your vulnerability to impersonation now with a free email domain check. 

A shopping bag made up of abstract digital patterns features a lock symbol in the center of it.

Protect your business: Top cybersecurity tips for the holidays

1. Increase email security with DMARC

In 2023’s fourth quarter, over 1 million phishing attacks were recorded, which contributed to the 317.59 million global ransomware attacks seen last year. Boost your business’s protection this holiday season by upgrading your email security. To properly defend your organization, it’s important to protect against both inbound and outbound email threats.

 

By implementing a Domain-based Message Authentication, Reporting, and Conformance (DMARC) solution with a p=reject policy, your business can be sure that fraudulent emails won’t reach customers’ inboxes. 

2. Regularly update software

Outdated software is easily exploited, making it vital to ensure regular updates year-round. This not only keeps software running smoothly but also reduces the risk of overloading or system failures during the busy holiday season. 

3. Implement multi-factor authentication (MFA)

MFA provides an extra layer of security that can protect sensitive information and customer data. This added security barrier is especially helpful during the holiday season when employees may be distracted. Earlier this year, Microsoft reported that 99.9% of compromised accounts on the platform did not use MFA, highlighting the protocol’s importance in protection. 

4. Level-up cybersecurity awareness

Keeping your staff updated on the latest cybercrime trends is a surefire way to protect against holiday cyberattacks. Strengthen your organization’s defenses through security awareness training or helpful free resources to educate them on top threats. Achieve peace of mind knowing your employees are aware of the warning signs and know what steps to take.

5. Outsource cybersecurity services

Industry experts will be able to spot weaknesses in your defense and help repair them before any serious damage occurs – this will help your business stay safe, even with reduced staff over the holiday period.  

 

Consider partnering with a cybersecurity company like Sendmarc; we work with Managed Service Providers (MSPs) to protect businesses from impersonation, financial loss, and reputational damage. 

Interested in learning more about DMARC and how it can help shield your business and stakeholders from email-based cybersecurity threats this holiday season? Reach out today. 

Share

LATEST ARTICLES

SSO Integration Blog Card Image | Sendmarc | Dmarc Protection and Security

Why SSO Is Essential for the Modern Business

Explore Single Sign-On (SSO) features, benefits, and integration options, and learn how it strengthens your business’s cybersecurity.
DMARC Policy Blog Card Image | Sendmarc | Dmarc Protection and Security

Understanding DMARC policies – p=none, p=quarantine, p=reject

Discover how implementing the right DMARC policy in your business can stop email impersonation, protect brand reputation, and boost deliverability.
Close up of a laptop keyboard and lower screen with illuminated red envelopes and code popping off the screen

Assess your business’s email risks this Cybersecurity Awareness Month

Explore top threats to your business and how to defend them in Cybersecurity Awareness Month. Read our latest article and get the free Cyberthreat Report.