Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Spotting Retail Scams During the Holiday Season

    Retail Scams During Holiday SeasonPeople need to be particularly vigilant for scams as we approach the holiday shopping season, according to Laura Brooks at Tessian. Scammers always take advantage of seasonal trends, and the shopping season creates perfect opportunities for them to strike.

    “Consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries,” Brooks writes. “Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages and prey on individuals who are not security savvy. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

    Brooks adds that vendors also need to be wary of phishing attacks, particularly those that lean heavily on targeted social engineering.

    “Vendor impersonation (also called vendor email compromise) is a persistent threat that many businesses are facing right now – one that has increased since the shift to remote working,” Brooks says. “In fact, Tessian research revealed that over a third (34%) of the phishing attacks organizations received between March – July 2020 purportedly came from an external supplier, while 26% supposedly came from a customer.”

    Brooks concludes that user education is an “incredibly important” measure in combating phishing and other social engineering attacks.

    “Hackers prey on the people-heavy nature of the retail industry,” Brooks says. “Using sophisticated social engineering techniques and clever impersonation tactics, they’re counting on people making a mistake and falling for their scams.”

    New-school security awareness training can enable your employees to recognize social engineering tactics in their personal and professional lives.

    Tessian has the story.

     

    Return To KnowBe4 Security Blog

    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

    home-KnowBe4-Phish-Alert-2Here's how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user's inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

    Get Your Phish Alert Button

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/free-phish-alert

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews