Cybercriminals Shopping For Consumers During Holiday Season

  • By Bradley Anstis
  • Nov 23, 2010

Cyber Monday is a term originally coined in 2005, when upon returning to the office after the extended Thanksgiving break, consumers hit their company’s high-speed Internet to start online shopping for the holidays.

While most consumers these days now have high-speed Internet available to them at home (or on their phone, or at their local coffee house) Cyber Monday has quickly become its own “holiday of shopping.”

Last year, according to the National Retail Federation, more than 96 million Americans shopped online the Monday after Thanksgiving -- and approximately 52 percent of all purchases were made from the workplace. While the obvious call for concern for corporations across the globe is the decrease in work productivity, the greater risk is the harm that these shoppers may be doing to their company’s networks, and the security risks corporate IT departments need to consider.

In the past, the threat of malware and viruses was mainly from adult-oriented and gambling websites; companies could easily block these sites completely, eliminating the security concern. The issue today is that up to 85 percent of all infected websites are “legitimate” websites that can harm a corporation’s network.

Unsuspecting employees can click on a link that appears to be advertising a great deal on shoes or toys and unknowingly infect their computer, or the system’s entire network. The Cybercriminals’ purpose is to infect as many victims as possible. To do that, they try to drive as many potential victims to their website through techniques such as Search Engine Optimization where a consumer might do a search for cheap watches and the Cybercriminal’s infected website might rank very highly in the search results, or they send out Spam messages with a link to the infected website.

These blended e-mail threats are very effective at making a deal sound so good and legitimate that consumers click on the link even though they never asked for the email in the first place.

Cyber Monday Predictions
ISACA, the leading non-profit information organization, recently released its predictions on behaviors and patterns for Cyber Monday and the entire 2010 online holiday shopping season. According to the organization’s survey-based predictions, there is good news along with worrisome predictions for the season ahead.

With the economy still in a slow recovery, the number of online shoppers in general is not expected to rise more than 5 percent from last year. From that, it’s being predicted that the number of consumers who plan on using work-supplied devices such as smart phones and computers to shop online will decrease dramatically -- 23 percent vs. 52 percent from last year. But corporate IT departments shouldn’t think they are off the hook, because while there will be less shopping, unfortunately consumers are going to be taking higher risks such as clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work email addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Rise In Fraud
Online fraud is being perpetrated around the clock, 365 days of the year. It just so happens that because consumers are highly marketed to on Cyber Monday that they are more likely to be searching for the best possible deals around. This makes this time frame highly valuable for cybercriminals.

While consumers are used to looking out for frauds such as fake products or products that are not made from quality materials, in a time of belt-tightening consumers are more apt to shop rogue websites (for example, a site that sells highly valued shoes at what consumers would view as a "steal" of a deal). Throw in the growth in social shopping or daily “coupon deal” companies, and consumers are facing much more confusion on what is considered a legitimate site.

While it would seem that the obvious answer to this issue is to block all personal access to the Internet from the company’s network, currently only 11 percent of corporations do that. The rise of employees using their own personal devices for work functions in addition to the variety of devices people use to communicate today leaves this task virtually impossible. Additionally, the benefit of allowing employees to have access actually increases productivity and morale.

Educating Employees
The saying "if it's too good to be true, then it probably is" holds true. There's no such thing as a free lunch, or a free iPhone. Remind your employees of this. Give examples of how spammers can spoof a legitimate website’s email template and make it look authentic.

If an e-mail arrives in their inbox that reports on a sale, they will be more likely to analyze it thoroughly. If possible, recommend employees go directly to the website without clicking on the link in the email to verify the authenticity. (Better yet, recommend that employees first Google the website in question, if they’ve never heard of it -- often times, fraudulent websites are trending topics.)

If it's a specialized link, be sure to mouse over them first rather than blindly clicking on it, as links can be made to look legitimate but actually lead to a malicious page or phishing site.

While fraudulent products are always a concern, most cybercrimes involve banking/payment with the manipulation of the payment transaction. The consumer assumes they are placing a transaction with a legitimate party, providing their personal and credit card information over a secure transaction page without thinking about what this party might do with their information, or who else might get access to it.

If a payment transaction service like Paypal is being used, are you sure the page displayed is Paypal? Will you even get the goods? The best way to combat this is to remind employees to check with their bank to see what coverage they have for online shopping using their card in case of fraud, or perhaps change to a card that has good fraud protection coverage.

Also note that fraud goes beyond malware and stealing money and into what is done to your private information after the transaction is complete. No deal is a good deal if personal information is compromised. Consistent education and communication with your employees on these matters will help keep your network -- and your employees -- safer.

Featured

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.