The holiday rush will play out in the digital space this year and consumers have let their guards down in search of normalcy and routine. Count on hackers to have saturated the digital marketplace with businesslike communications to lure consumers. They’ll use practical messaging, like “your package is on its way,” “click to confirm,” and even “we’ve been trying to reach you,” by way of emails, text messages, or vishing.
Email campaigns are easy to duplicate and can leave you scratching your head. Ten years ago, the graphics were pixelated and the content was riddled with errors. You wouldn’t think twice before deleting an email offering free Rolexes or Viagra – and even reporting it spam. Those same spoofed sites that collect credit card data, log-in credentials, and personal information are still in existence, but today, programmers capture the website data through code and essentially duplicate websites to mislead consumers.
Text messages are more insidious because they come to the palm of our hand with short, “click here to confirm” links. Along with vishing, a combined voice and phishing scam where the criminal seeks out personal information, the latest technologies create a new risk. Both are forms of social engineering and attempt to persuade consumers into divulging information during the bustle of the holiday season.
Organizations are at risk, too. Zipped files and malware attachments come disguised as “the files you requested” or time sensitive invoices, that allow hackers access to email accounts they’ll use to target the company’s customers. By infiltrating the supply chain, hackers will use information from the target’s suppliers and vendors to mimic the trusted partner.
Hackers have leaked billions of usernames and password combinations from hundreds of companies over the past five years, and ‘tis the season. Known as credential stuffing, cyber criminals try these credentials against other online accounts. Make sure you are ahead of this year’s schemes.