Cybercriminals Shopping For Consumers During Holiday Season

  • By Bradley Anstis
  • Nov 23, 2010

Cyber Monday is a term originally coined in 2005, when upon returning to the office after the extended Thanksgiving break, consumers hit their company’s high-speed Internet to start online shopping for the holidays.

While most consumers these days now have high-speed Internet available to them at home (or on their phone, or at their local coffee house) Cyber Monday has quickly become its own “holiday of shopping.”

Last year, according to the National Retail Federation, more than 96 million Americans shopped online the Monday after Thanksgiving -- and approximately 52 percent of all purchases were made from the workplace. While the obvious call for concern for corporations across the globe is the decrease in work productivity, the greater risk is the harm that these shoppers may be doing to their company’s networks, and the security risks corporate IT departments need to consider.

In the past, the threat of malware and viruses was mainly from adult-oriented and gambling websites; companies could easily block these sites completely, eliminating the security concern. The issue today is that up to 85 percent of all infected websites are “legitimate” websites that can harm a corporation’s network.

Unsuspecting employees can click on a link that appears to be advertising a great deal on shoes or toys and unknowingly infect their computer, or the system’s entire network. The Cybercriminals’ purpose is to infect as many victims as possible. To do that, they try to drive as many potential victims to their website through techniques such as Search Engine Optimization where a consumer might do a search for cheap watches and the Cybercriminal’s infected website might rank very highly in the search results, or they send out Spam messages with a link to the infected website.

These blended e-mail threats are very effective at making a deal sound so good and legitimate that consumers click on the link even though they never asked for the email in the first place.

Cyber Monday Predictions
ISACA, the leading non-profit information organization, recently released its predictions on behaviors and patterns for Cyber Monday and the entire 2010 online holiday shopping season. According to the organization’s survey-based predictions, there is good news along with worrisome predictions for the season ahead.

With the economy still in a slow recovery, the number of online shoppers in general is not expected to rise more than 5 percent from last year. From that, it’s being predicted that the number of consumers who plan on using work-supplied devices such as smart phones and computers to shop online will decrease dramatically -- 23 percent vs. 52 percent from last year. But corporate IT departments shouldn’t think they are off the hook, because while there will be less shopping, unfortunately consumers are going to be taking higher risks such as clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work email addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Rise In Fraud
Online fraud is being perpetrated around the clock, 365 days of the year. It just so happens that because consumers are highly marketed to on Cyber Monday that they are more likely to be searching for the best possible deals around. This makes this time frame highly valuable for cybercriminals.

While consumers are used to looking out for frauds such as fake products or products that are not made from quality materials, in a time of belt-tightening consumers are more apt to shop rogue websites (for example, a site that sells highly valued shoes at what consumers would view as a "steal" of a deal). Throw in the growth in social shopping or daily “coupon deal” companies, and consumers are facing much more confusion on what is considered a legitimate site.

While it would seem that the obvious answer to this issue is to block all personal access to the Internet from the company’s network, currently only 11 percent of corporations do that. The rise of employees using their own personal devices for work functions in addition to the variety of devices people use to communicate today leaves this task virtually impossible. Additionally, the benefit of allowing employees to have access actually increases productivity and morale.

Educating Employees
The saying "if it's too good to be true, then it probably is" holds true. There's no such thing as a free lunch, or a free iPhone. Remind your employees of this. Give examples of how spammers can spoof a legitimate website’s email template and make it look authentic.

If an e-mail arrives in their inbox that reports on a sale, they will be more likely to analyze it thoroughly. If possible, recommend employees go directly to the website without clicking on the link in the email to verify the authenticity. (Better yet, recommend that employees first Google the website in question, if they’ve never heard of it -- often times, fraudulent websites are trending topics.)

If it's a specialized link, be sure to mouse over them first rather than blindly clicking on it, as links can be made to look legitimate but actually lead to a malicious page or phishing site.

While fraudulent products are always a concern, most cybercrimes involve banking/payment with the manipulation of the payment transaction. The consumer assumes they are placing a transaction with a legitimate party, providing their personal and credit card information over a secure transaction page without thinking about what this party might do with their information, or who else might get access to it.

If a payment transaction service like Paypal is being used, are you sure the page displayed is Paypal? Will you even get the goods? The best way to combat this is to remind employees to check with their bank to see what coverage they have for online shopping using their card in case of fraud, or perhaps change to a card that has good fraud protection coverage.

Also note that fraud goes beyond malware and stealing money and into what is done to your private information after the transaction is complete. No deal is a good deal if personal information is compromised. Consistent education and communication with your employees on these matters will help keep your network -- and your employees -- safer.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.