Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season



Phishing Attacks Source of Identity-Related BreachesNew data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for.

It happens every year now; the need to find “just the right gift” for that special someone, along with all the deals, giveaways, and promotions that give consumers the upper hand in a sale are all the perfect mixture to create the urgency required for a successful phishing attack.

The retail industry in particular has been paying attention to the period between October 1st and December 31st – the critical time when everyone is focused on holiday spending. And, according to the 2022 Holiday Season Threat Trends Summary report from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), there are some trends that indicate where threat actors will be – once again – placing their attack focus. When respondents were asked what are their primary threat focuses this season, these 3 rose to the top:

  1. Phishing & Credential Harvesting – responsible for an average of nearly 40% of the holiday season attacks in the last two years, retailers are expecting more phishing scams presenting themselves as “popular product promotions targeting consumers for personally identifiable information (PII) harvesting.”
  2. Account Takeover – once credentials are harvested, it may be easy to leverage a compromised account as part of a larger fraud scam.
  3. Gift Card Loyalty & Card Fraud – as anyone who doesn’t know what to get someone, gift cards are a very popular choice, making them the perfect scam to trick victims out of their credit card information and personal details.

While most of the retail sector is thinking about protecting the individual consumer, these same scams can just as easily be delivered to an inbox accessible from a corporate device, putting the organization at risk of malware infection, ransomware attack, business email compromise, and more. Regardless of the intended victim, the answer lies in education about phishing attacks, scams, and the use of credentials – something taught to corporate users through continual Security Awareness Training – to avoid becoming the next victim.

Holiday scams will continue for the foreseeable future, until every potential victim has a better understanding of what a phishing scam looks like and how to avoid it.


Get Your Free 2022 Holiday Security Awareness Resource Kit

It's the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel, and time constraints can make it easier to catch users off their guard with relevant schemes. That's why we put together this resource kit to help your users make smarter security decisions every day.

Holiday-Kit-2022-P-1Here's what you'll get:

  • Free video module for your users "Stay Safe for the Holidays", available in 10 languages
  • Free training module for your users "Staying Safe for the Holidays", available in nine languages
  • Resources to share with your users including and educational video, plus security documents and digital signage to reinforce the free modules included in the kit
  • Newsletters about holiday shopping and travel safety for your users
  • Access to resources for you to help with security planning for the upcoming year

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/holiday-resource-kit

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews