Overview:

As the holiday shopping season reaches its peak with Cyber Monday, organizations are contending with high levels of cyber risk.

Right now, “cyber criminals are putting in overtime…[and] are poised to take advantage of consumers hoping to shop the yearly discounts,” say researchers at Check Point.

The online retail landscape is rife with hackers, and AI-powered tools have only compounded concerns.

In essence, cyber criminals are using sophisticated tactics to exploit individuals and corporations, and the FBI wants your team to know how to handle the heat.

The Retail Threat Landscape:

Check Point research shows that fraudulent websites have increased by nearly 90% in the last year. On top of that, roughly 75% of the electronic shopping offers hitting inboxes are scams, many of which are designed to install malware, steal information or both.


A 2023 report found that non-payment and non-delivery scams resulted in more than $309 million in losses last year. Credit card fraud accounted for an additional $173 million in losses.

Against that backdrop, the U.S. Federal Bureau of Investigation (FBI) has released a new warning for holiday shoppers (a.k.a. your employees).


FBI Warning Details:

The FBI outlined several different scams that people and businesses are liable to get swept up in this year.

For businesses, the most significant danger arguably derives from the blurred lines between personal and professional digital spaces.

Under bring-your-own-device (BYOD) policies, a single careless online shopping moment can compromise an entire corporate network.

Protecting Your Business: Actionable Steps:

For IT managers and cyber security teams:

1. Implement strict BYOD protocols. Develop a comprehensive BYOD policy that clearly outlines acceptable use. Implement mobile device management (MDM) solutions that can enforce minimum security requirements and separate personal and work data. When employees are in the office, require all personal devices to be registered and technically approved before gaining network access.

2. Leverage advanced phishing prevention solutions. Deploy machine learning-based email security platforms. Ensure that your tooling leverages natural language processing to identify the most evasive phishing attempts. Choose tooling that allows for real-time behavioral analysis of incoming communications.

3. Continuous real-time phishing simulation training. Deploy programs that allow for interactive, scenario-based learning on the part of employees. Consider micro-learning techniques for ongoing education.

For individuals:

1. Pay attention to the URL. Be sure to access websites through search engines, as opposed to via email-based links. Always double check the legitimacy of online shopping sites. Look for secure HTTPS connections, confirm that URLs are correct, and search for online reviews of a given store.

2. Protect personal and financial information. Consider using credit cards or payment services, like PayPal, that offer fraud protection. Create strong, unique passwords for each shopping account and enable two-factor authentication wherever possible. Exercise exceptional caution when it comes to providing sensitive details like your social security or national identity number.

3. Regardless of whether you’re on a work device or a personal device, avoid using public WiFi for online purchases. On these networks, you’re more likely to experience a Man-in-the-Middle attack, credit card theft, or any of a variety of other cyber crimes.

4. Avoid paying for items with pre-paid gift cards. In these scams, a vendor will instruct an individual to send them a gift card number and a PIN. Rather than using the gift card for payment, the scammer will disappear with the funds.


Further Insights:

Leverage advanced phishing prevention strategies, particularly during high-risk windows of time, like holiday shopping season.
