Shoppers are expected to smash previous Black Friday spending records this weekend, with experts forecasting global sales of around $36.9 billion on Friday alone. With over 165 million people heading to stores or shopping online during the frenzy that follows Thanksgiving, retailers will be busier and more distracted than ever. And this makes them a prime target for cybercriminals.
Phishing is the biggest risk for one in five IT decision makers at UK and US retailers during the holiday shopping season. No wonder – over 60% receive more phishing attacks during this time than any other point in the year. Peak shopping days like Black Friday, Small Business Saturday and Cyber Monday are a golden opportunity for hackers to hide in chaotic inboxes and take advantage of individuals who are not security savvy. Is your business defending against this risk?
When dealing with throngs of shoppers, processing thousands of orders and meeting overwhelming sales targets, retail staff will be under pressure to deliver. With more emails being sent and received and with staff working at a fast pace for long hours, mistakes will inevitably happen. In fact, 67% of IT decision makers at UK and US retailers believe staff are more likely to click on a phishing email during the holiday shopping season. Put measures in place to protect your people, especially when security is the last thing on their mind.
Temporary seasonal workers play a critical role in helping retailers out during this busy time but they rarely benefit from the cybersecurity training that full-time employees receive. This makes them more vulnerable to threats like phishing. If just one employee falls for a scam, the retailer could face a security breach exposing the personal and financial data of thousands of consumers. Make sure all staff are trained on the phishing threat and know what action to take should they receive one.
Over a quarter of retail IT practitioners are concerned that customer service workers will fall for phishing attacks during this peak shopping season. Hackers will target these teams with phishing emails that contain malicious attachments or links, knowing that staff will need to deal with every customer enquiry they receive. Stay on high alert: encourage customer service teams to flag any messages that look suspicious.
Consumers will be inundated with emails touting Black Friday deals this weekend. It’s a golden opportunity for cybercriminals looking to steal personal data and credit card information to pose as legitimate retail brands and lure consumers to fake sites. We increasingly see hackers impersonating brands in sophisticated spoofed emails; it’s surprisingly easy to do if the company doesn’t have email authentication records like DMARC in place.
Worryingly, a third of retailers we surveyed do not have these checks in place. The problem is that consumers are more likely to click on malicious links or download harmful attachments when an email looks like it comes from a legitimate brand and email address. Protect your customers by protecting your brand.
Not only can hackers target your third-party suppliers to gain access to company information, but they can also impersonate suppliers’ domains and send seemingly legitimate emails to your staff, asking them to wire money or share credentials. Nearly one in three retailers say employees have received spear phishing emails impersonating an external supplier. Always examine what the sender is asking you to do—are you being asked to carry out an urgent request? If this isn’t normal, it may be a fake request.
Don’t make cybersecurity training a one-off exercise. Continually teach and reinforce safe email behavior so that your staff are able to make the right cybersecurity decisions both at work and in their personal life. Our handy cheat sheet will help. Encourage your employees to print it and keep it on their desk so that they can identify the cues of a malicious message.
To find out more about how to avoid seasonal scams, read our report.