Black Friday’22 an even bigger Red Letter Day than ever for cyberscammers

Jeff Costlow, CISO, ExtraHop commented on the cyber frenzy around Black Friday and offers some advice on what can be done to combat the best efforts of scammers:

Retailers are a massive and growing target

“As we approach the holiday season, and the busiest time of year for online shopping, retailers need to proactively plan against potential cyberattacks. We’re often very focused on warning shoppers about common traps but I also urge any retailer to help their employees be on high alert. We’ve seen cybercriminals work farther up the supply chain this past year. I think employees at retailers are going to be the main target as criminals look to cause disruption, pilfer data and pad their pockets for their own holiday season.

Compromising from the inside out

This has to start with the seasonal staff hired to support the heightened demand of the season. Cybercriminals are getting increasingly smart and sophisticated in who they target. For example, we’ve seen an uptick in smishing attacks targeting new employees at ExtraHop. Often it’s a text from the “CEO” or other leadership figure asking for a quick favour because they’re in a meeting. While this may sound like a tired lure, it continues to exist because it works. Now imagine a frazzled new employee who is looking to make a good impression during their first week or two on the job. It’s easy to see how these innocent employees could fall victim. Make sure new employees get training, are aware of how to report suspicious activity, and feel supported and empowered to ask for help if something seems off.”

How retailers’ tech teams can stop scams

“On the corporate front, limited staffing during the busy online holiday shopping season can create threat detection and response vulnerabilities. Now more than ever, retail cyber teams should be looking for malicious clones or fake websites, as well as monitoring the dark web for stolen information being sold. It is imperative that these teams find and isolate scams associated with their brand before they cause irreparable damage.”