Spotting Retail Scams During the Holiday Season

People need to be particularly vigilant for scams as we approach the holiday shopping season, according to Laura Brooks at Tessian. Scammers always take advantage of seasonal trends, and the shopping season creates perfect opportunities for them to strike.

“Consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries,” Brooks writes. “Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages and prey on individuals who are not security savvy. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

Brooks adds that vendors also need to be wary of phishing attacks, particularly those that lean heavily on targeted social engineering.

“Vendor impersonation (also called vendor email compromise) is a persistent threat that many businesses are facing right now – one that has increased since the shift to remote working,” Brooks says. “In fact, Tessian research revealed that over a third (34%) of the phishing attacks organizations received between March – July 2020 purportedly came from an external supplier, while 26% supposedly came from a customer.”

Brooks concludes that user education is an “incredibly important” measure in combating phishing and other social engineering attacks.

“Hackers prey on the people-heavy nature of the retail industry,” Brooks says. “Using sophisticated social engineering techniques and clever impersonation tactics, they’re counting on people making a mistake and falling for their scams.”

New-school security awareness training can enable your employees to recognize social engineering tactics in their personal and professional lives.

Tessian has the story.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365
