Holiday Shopping Season Is Upon Us: Merchants & Customers Prepare!
The holiday season has scarcely started, and we’re already seeing the fraud machine crank up like a hungry pack of hyenas near a watering hole. Thefts in identity, credit card information, and the old scourge of customer-targeting ransomware (eclipsed recently by corporate victimization by ransomware cartels) is on the rise. Not only are tools continually getting more powerful on the dark side, but they are becoming easier to learn and more and more inviting to new threat actors and wanna-be ransomware gangs.
In the wider economy, prices are rising due to supply chain problems and changes in the labor market. So not only will credit card bills see unusually high prices and accrual of debt, there are more anomalies for the fraudsters to hide among, both from the machine learning algorithms and the watchful eyes of consumers.
Fraud, however, isn’t limited to online shopping. Skimmers are being introduced into the flow of purchases in stores, as recently happened to some Costco customers at point-of-sale devices as reported by Threat post (https://threatpost.com/costco-data-skimmer-customers-notification/176320/). It would seem that abusing the physical world, or where the overlap between physical and digital is ever greyer and is alive and well. We are entering a new threat landscape in the months ahead, but this could be a banner year for fraudsters in an old-fashioned way.
Holidays shoppers are advised to do the following, at least:
Make sure to inspect the point of sales terminals for physical tampering with card skimmers that will steal your card info
Choose a credit card for online shopping and one for store shopping — check the bills regularly and set up alerts for expensive purchases
Consider some of the credit monitoring services offered by credit bureaus
Refresh key passwords now, ensure they are unique and complex; and consider password and credit card vault software
If you’re a small or medium-sized business, consider pausing major IT rollouts and freezing production. It’s unlikely that a solution deployed between now and Black Friday or Cyber Monday is going to do much, but take the time to revisit contingencies, tabletop it even informally if you have time, and know what you will do if the worst happens, like a ransomware incident, and denial of service attack, or a classic breach.