People need to be particularly vigilant for scams as we approach the holiday shopping season, according to Laura Brooks at Tessian. Scammers always take advantage of seasonal trends, and the shopping season creates perfect opportunities for them to strike.
“Consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries,” Brooks writes. “Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages and prey on individuals who are not security savvy. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”
Brooks adds that vendors also need to be wary of phishing attacks, particularly those that lean heavily on targeted social engineering.
“Vendor impersonation (also called vendor email compromise) is a persistent threat that many businesses are facing right now – one that has increased since the shift to remote working,” Brooks says. “In fact, Tessian research revealed that over a third (34%) of the phishing attacks organizations received between March – July 2020 purportedly came from an external supplier, while 26% supposedly came from a customer.”
Brooks concludes that user education is an “incredibly important” measure in combating phishing and other social engineering attacks.
“Hackers prey on the people-heavy nature of the retail industry,” Brooks says. “Using sophisticated social engineering techniques and clever impersonation tactics, they’re counting on people making a mistake and falling for their scams.”
Tessian has the story.