Consumers were bombarded with a massive surge in retail cyber attacks at the opening of the 2024 holiday shopping season, a new study by U.K.-based cybersecurity firm Darktrace concludes.
Analysis from Darktrace’s threat-intelligence team using data from across the company’s customer base shows that during Black Friday week (Nov. 25-29) attempted Christmas-themed e-mail phishing attacks leapt 327% around the world, while Black Friday-themed phishing attacks jumped 692% compared to the beginning of the month (Nov. 4 – 9), as “bad actors” seek to take advantage of consumers and holiday brands during the busy shopping period.
The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands including Walmart, Target and Best Buy increasing by more than 2000% during peak shopping periods.
“The festive shopping season creates a perfect storm for cyber criminals,” says Nathaniel Jones, Darktrace’s VP of Threat Research. “Consumers are primed to expect floods of retail deals, while retailers are processing tremendous transaction volumes at speed. This combination makes spotting suspicious patterns more challenging than at any other part of the year. Bad actors taking advantage of that with brand impersonation is nothing new, but the rapidly growing volume of those attacks makes them a real worry.”
That said, Darktrace offered these five essential security measures for retailers:
- Make logins secure: Ensure all staff have strong passwords (12-16 characters). Set up multi-factor verification across all business systems. This extra layer of security means even if passwords are compromised, unauthorized users can’t access your accounts during the busy retail period and use them to target your customers.
- Lock down email: Call your IT team and ask them if they have DMARC switched on. DMARC stops scammers from sending emails that look like they’re from your company and helps you see who is illegitimately sending from your email domain to protect your brand.
- Prepare your team: Regular security training and business wide communications help staff identify and report seasonal scams. Focus on current threats and emerging patterns – when your team knows what to look for, they become your strongest defense against cyber-attacks.
- Monitor brand impersonation: Set up Google Alerts to track mentions of your brand and warn you of counterfeit websites and fraudulent domains. Also lock down your brand name with official registrations. Several brand protection tools out there can also help catch imposters.
- Strengthen your payment processes: Implement tiered-access policies with stricter controls for finance team members who handle transactions. Apply more rigorous authentication and monitoring requirements compared to non-financial roles, ensuring sensitive payment operations are limited to authorized personnel.
Click here for more from the Darktrace study.
Advertisement