The 2023 holiday shopping season is jingling along merrily after starting off strong. The National Retail Federation (NRF) reports that a record 196.7 million Americans shopped in stores and online in the five-day period from Thanksgiving Day through Cyber Monday. NRF also forecasts that holiday retail sales will grow between 6% and 8% over 2021, potentially reaching more than $960 billion.
These robust figures have fraudsters feeling quite festive, of course. They’re deploying an array of attack strategies—many with social engineering at their core—to fill their stockings up to the brim with stolen funds and other treats, like consumers’ personally identifiable information (PII).
Cyber criminals amassed a hefty haul through their exploits last holiday season. The FBI reports that Americans experienced $6.9 billion in losses from holiday scams in 2021, including $337 million from online shopping and non-delivery scams. Credit card fraud accounted for another $173 million in losses.
That’s a lot of sugar plums—and you can be sure fraudsters are hoping to collect even more in 2022.
Better watch out for these common holiday season scams
How can you and your family protect yourselves from Christmas and holiday scams and other online threats this holiday season? It helps to know what types of scams to be on the lookout for. Here are some to keep on your radar:
- Impersonation attack: A malicious threat actor poses as a trusted organisation, like an online store or a bank, or as a person you know, like a co-worker, and uses that trust to convince you to take some type of action—for example, sharing your account credentials.
- Package delivery scam: A fraudster pretends to be Amazon, UPS or another trusted delivery service and sends fake messages about package delays, status updates and other issues in the hope of tricking you into downloading ransomware, scamming you out of money, and more.
- Smishing and vishing: These phishing attack methods have become more prevalent in recent years. Fraudsters use text messages (smishing) or voice calls (vishing) to phish users, sending malicious links or asking them to provide their personal information via phone.
- Telephone-oriented attack delivery (TOAD): These threats can start with an unsolicited email that includes a fake receipt for a product or service and a phone number to call to dispute charges. Call the number, and a phone operator might direct you to a malicious site or get you to install remote management software.
Also, stay on the alert for charity scams. Bad actors will try to take advantage of the spirit of holiday giving by using email, social media, the phone and other channels to solicit donations to charities—either incorporating legitimate charities’ names and logos into their scams or setting up phoney charities.
Have a safe holiday season—and keep scammers out in the cold!
To learn more about these holiday scams and other attack methods, check out the Proofpoint webinar, “How to Stay Resilient Against Holiday Scams This Season”, available on-demand. You can also stay on top of the latest cyber threats and scams any time of year by visiting the Proofpoint Cybersecurity Awareness Hub. To start the new year strong, leverage our 3 Weeks of Cybersecurity Best Practices for '23 kit so that you can educate your users on what to look out for and become a strong line of defence.
Also, we suggest applying the six best practices shown below through the holiday season—and beyond. Proofpoint shared this infographic with our blog readers in 2021, and we thought we should “regift” it this year because all of these tips are still relevant. These simple measures can go a long way toward preventing cyber criminals from getting what they want this holiday season.