Cybercriminals Shopping For Consumers During Holiday Season

  • By Bradley Anstis
  • Nov 23, 2010

Cyber Monday is a term originally coined in 2005, when upon returning to the office after the extended Thanksgiving break, consumers hit their company’s high-speed Internet to start online shopping for the holidays.

While most consumers these days now have high-speed Internet available to them at home (or on their phone, or at their local coffee house) Cyber Monday has quickly become its own “holiday of shopping.”

Last year, according to the National Retail Federation, more than 96 million Americans shopped online the Monday after Thanksgiving -- and approximately 52 percent of all purchases were made from the workplace. While the obvious call for concern for corporations across the globe is the decrease in work productivity, the greater risk is the harm that these shoppers may be doing to their company’s networks, and the security risks corporate IT departments need to consider.

In the past, the threat of malware and viruses was mainly from adult-oriented and gambling websites; companies could easily block these sites completely, eliminating the security concern. The issue today is that up to 85 percent of all infected websites are “legitimate” websites that can harm a corporation’s network.

Unsuspecting employees can click on a link that appears to be advertising a great deal on shoes or toys and unknowingly infect their computer, or the system’s entire network. The Cybercriminals’ purpose is to infect as many victims as possible. To do that, they try to drive as many potential victims to their website through techniques such as Search Engine Optimization where a consumer might do a search for cheap watches and the Cybercriminal’s infected website might rank very highly in the search results, or they send out Spam messages with a link to the infected website.

These blended e-mail threats are very effective at making a deal sound so good and legitimate that consumers click on the link even though they never asked for the email in the first place.

Cyber Monday Predictions
ISACA, the leading non-profit information organization, recently released its predictions on behaviors and patterns for Cyber Monday and the entire 2010 online holiday shopping season. According to the organization’s survey-based predictions, there is good news along with worrisome predictions for the season ahead.

With the economy still in a slow recovery, the number of online shoppers in general is not expected to rise more than 5 percent from last year. From that, it’s being predicted that the number of consumers who plan on using work-supplied devices such as smart phones and computers to shop online will decrease dramatically -- 23 percent vs. 52 percent from last year. But corporate IT departments shouldn’t think they are off the hook, because while there will be less shopping, unfortunately consumers are going to be taking higher risks such as clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work email addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Rise In Fraud
Online fraud is being perpetrated around the clock, 365 days of the year. It just so happens that because consumers are highly marketed to on Cyber Monday that they are more likely to be searching for the best possible deals around. This makes this time frame highly valuable for cybercriminals.

While consumers are used to looking out for frauds such as fake products or products that are not made from quality materials, in a time of belt-tightening consumers are more apt to shop rogue websites (for example, a site that sells highly valued shoes at what consumers would view as a "steal" of a deal). Throw in the growth in social shopping or daily “coupon deal” companies, and consumers are facing much more confusion on what is considered a legitimate site.

While it would seem that the obvious answer to this issue is to block all personal access to the Internet from the company’s network, currently only 11 percent of corporations do that. The rise of employees using their own personal devices for work functions in addition to the variety of devices people use to communicate today leaves this task virtually impossible. Additionally, the benefit of allowing employees to have access actually increases productivity and morale.

Educating Employees
The saying "if it's too good to be true, then it probably is" holds true. There's no such thing as a free lunch, or a free iPhone. Remind your employees of this. Give examples of how spammers can spoof a legitimate website’s email template and make it look authentic.

If an e-mail arrives in their inbox that reports on a sale, they will be more likely to analyze it thoroughly. If possible, recommend employees go directly to the website without clicking on the link in the email to verify the authenticity. (Better yet, recommend that employees first Google the website in question, if they’ve never heard of it -- often times, fraudulent websites are trending topics.)

If it's a specialized link, be sure to mouse over them first rather than blindly clicking on it, as links can be made to look legitimate but actually lead to a malicious page or phishing site.

While fraudulent products are always a concern, most cybercrimes involve banking/payment with the manipulation of the payment transaction. The consumer assumes they are placing a transaction with a legitimate party, providing their personal and credit card information over a secure transaction page without thinking about what this party might do with their information, or who else might get access to it.

If a payment transaction service like Paypal is being used, are you sure the page displayed is Paypal? Will you even get the goods? The best way to combat this is to remind employees to check with their bank to see what coverage they have for online shopping using their card in case of fraud, or perhaps change to a card that has good fraud protection coverage.

Also note that fraud goes beyond malware and stealing money and into what is done to your private information after the transaction is complete. No deal is a good deal if personal information is compromised. Consistent education and communication with your employees on these matters will help keep your network -- and your employees -- safer.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
Most   Popular

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities