Chris Swagler | November 29th, 2022

Threat operators are increasing their phishing and ransomware operations targeting the retail sector as the holiday shopping season is now underway. According to our threat intelligence, the present economic downturn is pushing more shoppers to search for online discount codes and more threat operators are tricking customers with phony deals. Additionally, ransomware groups will be targeting small to medium-sized companies that are more inclined to pay threat operators to prevent operational disruptions during the holiday season.

Even though the retail industry has improved its defenses against cyberattacks in recent years, companies can’t consider themselves entirely breach-proof. Traditional phishing lures are when threat operators impersonate retailers in emails to obtain consumers’ login information and credit card data, which makes it practically impossible for retailers to trace unless consumers report them.

This year’s economic downturn and the resurgence of in-person holiday shopping are increasing the current threats that retailers have long contended with. There has been an increase in the number of retail companies mentioned on ransomware extortion sites each year, where groups release a list of victims they’ve targeted who haven’t paid the ransom. According to a report issued earlier this month by the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), phishing is one of the “most popular breaching services advertised within illicit communities.” Threat operators depend on employees and consumers being too busy to detect scam emails during the holiday season. Phishing tactics can cause consumers to submit their credentials and credit card information to fake sites or employees to download ransomware at their companies. Fortunately, there are some key things consumers can do to stay secure while shopping online.

During the holidays, there is an increase in reports of imposter websites that resemble well-known retailers and add fake product listings to entice consumers. Target’s response to a data breach impacting millions of consumers’ credit cards nine years ago woke the retail sector up to the cyber threats they face. Since the attacks, retailers have gradually allocated more resources to combating cyber threats and the industry has various cross-sector resources in place to assist in tracking and detecting threats. Fortunately, numerous organizations (like RH-ISAC) and retailers train their customer service teams to detect fake refund callers and accept calls from consumers who notice a phishing or imposter website scam. Most retailers now have a strong relationship with the FBI, which can help companies receive tips on threat operators’ new tactics making it more comfortable for retailers to contact investigators whenever they’re breached.

Numerous groups are capitalizing on global events during the holiday shopping season. People are willing to spend money and may be under pressure. Companies, consumers, and employees should always monitor their bank statements, double-check sender email domains and website URLs, and be aware of any deals that appear too good to be true. Additionally, companies need to remain alert to the current threat landscape and be aware of potential ransomware and phishing scams during the holiday season. At SpearTip, our certified engineers are continuously working 24/7/365, especially during holidays, at our Security Operations Center monitoring companies’ networks for potential ransomware and phishing threats. Our remediation experts focus on restoring companies’ operations, reclaiming their networks by isolating malware, and restoring business-critical assets. The ShadowSpear Platform, our integrable managed detection and response tool, uses comprehensive insights through unparalleled data normalization and visualizations to detect unknown and advanced ransomware threats.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.