New data polled from analysts and members of the retail industry about their security focus this holiday season reveals the kinds of attacks every organization should be preparing for.
It happens every year now: the need to find “just the right gift” for that special someone, along with all the deals, giveaways, and promotions that give consumers the upper hand in a sale, combine into the perfect mixture to create the urgency required for a successful phishing attack.
The retail industry in particular has been paying attention to the period between October 1st and December 31st – the critical time when everyone is focused on holiday spending. And, according to the 2022 Holiday Season Threat Trends Summary report from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), there are some trends that indicate where threat actors will be – once again – placing their attack focus. When respondents were asked what their primary threat focuses are this season, these 3 rose to the top:
- Phishing & Credential Harvesting – these were responsible for an average of nearly 40% of the holiday season attacks in the last two years, and retailers are expecting more phishing scams presenting themselves as “popular product promotions targeting consumers for personally identifiable information (PII) harvesting.”
- Account Takeover – once credentials are harvested, it may be easy to leverage a compromised account as part of a larger fraud scam.
- Gift Card Loyalty & Card Fraud – for anyone who doesn’t know what to get someone, gift cards are a very popular choice, making them the perfect scam to trick victims out of their credit card information and personal details.
While most of the retail sector is thinking about protecting the individual consumer, these same scams can just as easily be delivered to an inbox accessible from a corporate device, putting the organization at risk of malware infection, ransomware attack, business email compromise, and more. Regardless of the intended victim, the answer lies in education about phishing attacks, scams, and the use of credentials – something taught to corporate users through continual Security Awareness Training – to avoid becoming the next victim.
Holiday scams will continue for the foreseeable future, until every potential victim has a better understanding of what a phishing scam looks like and how to avoid it.