With the Thanksgiving and Christmas seasons approaching, business owners are ramping up to better serve customers excited to find Black Friday specials, or preparing to spend time away from their businesses with their friends and family. Threat actors are increasingly active in targeting U.S. companies during the holiday seasons, which results in a year-end spike in cyber-attacks. During Black Friday and Christmas sales this year, we can expect threat actors worldwide to be more engaged online as they look to capitalize on the distraction of the holidays and an increase in internet traffic from online shopping.

Businesses and shoppers should remain alert for the possibility of a cyber-attack on data network systems, especially ransomware attacks. Threat actors will continue to target online shoppers and e-commerce companies for financial gain. There are a few specific types of cyber-attacks consumers should be aware of during this holiday season.


Magecart is a web-based data skimming operation that captures customer payment card data from an online store’s checkout page. This type of attack is accomplished by gaining access to the targeted website, injecting malicious JavaScript code into the checkout page to skim valuable data, and sending the information back to a threat actor-controlled server. Threat actors can use the stolen payment card data to make fraudulent purchases or sell the information on the dark web.
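For store owners, one way to spot the kind of injected checkout script described above is to audit which scripts the page actually serves. The following is an added example, not part of the original article; the host allowlist, page URL, and sample HTML are constructed for illustration.

```javascript
// Added example: audit the <script> tags served on a checkout page.
// ALLOWED_HOSTS, PAGE_URL and SAMPLE are constructed values, not from a real site.
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);
const PAGE_URL = "https://shop.example/checkout";

// Extract attributes from one opening <script ...> tag (regex-based, approximate).
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return one finding per script that a reviewer should look at.
function auditScripts(html, pageUrl = PAGE_URL, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const pageHost = new URL(pageUrl).hostname;
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) {
      // Inline code has no host to check, so surface it for manual review.
      if (m[2].trim()) findings.push({ issue: "inline-script", detail: m[2].trim().slice(0, 40) });
      continue;
    }
    let host;
    try { host = new URL(attrs.src, pageUrl).hostname; } // resolves relative and //host URLs
    catch { findings.push({ issue: "unparseable-src", detail: attrs.src }); continue; }
    if (!allowed.has(host)) {
      findings.push({ issue: "unapproved-host", detail: host });
    } else if (host !== pageHost && !attrs.integrity) {
      // Approved third party, but no Subresource Integrity hash pins its content.
      findings.push({ issue: "third-party-without-sri", detail: attrs.src });
    }
  }
  return findings;
}

// Constructed sample checkout markup.
const SAMPLE = `
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3.js" integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://js.payments.example/widgets.js"></script>
<script src="//cdn.analytics-metrics.example/a.js"></script>
<script>var cfg = {currency: "USD"};</script>`;
console.log(auditScripts(SAMPLE));
```

This check sees only scripts present in the served HTML; scripts loaded at run time by other scripts need a Content-Security-Policy or browser-side monitoring to catch.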


Shoppers are likely to receive emails from known retailers about sales and coupons, order confirmations, and product notices. Threat actors often create deceptive emails using a retailer’s logo to make a fraudulent email appear legitimate. These emails could contain malware in the attachment or a link that leads users to fake websites designed to steal login credentials.

Deceptive Ads

On most social media platforms, users are often bombarded with ads linking to legitimate websites. Some users, however, encounter ads linking to malicious or suspicious sites designed to install malware or steal login credentials. Threat actors use URL shortening to hide the true destination of a link and deceive users on social media websites.


Companies and online shoppers should be extra diligent in their practices during the upcoming holiday season. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) encourage businesses to review their current security posture and implement best practices to reduce the risk of cyber threats, including ransomware. The FBI and CISA also strongly advise against paying threat actors a ransom. Paying the ransom does not guarantee the full recovery of files or ensure protection from future breaches. In fact, it might encourage the threat actors to target additional companies and to engage in distributing malware, and/or fund illegal activities.

Reporting an Internet Crime

Whether or not you or your company decides to pay the ransom, the FBI and CISA encourage you to report any ransomware incident to CISA, to a local FBI field office, or to the Internet Crime Complaint Center (IC3) by filing a report at IC3.gov. Providing critical information will allow the U.S. Government to help victims, track ransomware attackers, hold these assailants responsible under U.S. law, and share information to prevent future attacks. When reporting an incident, the FBI and CISA might request forensic artifacts including recovered executable files, live memory (RAM) capture, images of infected systems, malware samples, or ransom notes.

Protect Your Valuable Data

With the holidays quickly approaching, it’s important to remember that threat actors are always hunting for potential vulnerabilities in your network systems or shopping habits. It remains crucial for companies and individuals to stay current on the latest threat landscape, conduct regular vulnerability scans, remind employees of cybersecurity best practices, and maintain visibility of potential cyber threats.

At SpearTip, our certified engineers at our three Security Operations Center locations will continuously monitor your networks 24/7, even on holidays and weekends. We also offer companies of any size our pre-breach and advisory services to prepare them for potential ransomware threats. With our advisory services, companies will learn how to protect their networks against the most sophisticated cyber threats. We focus on real and imminent threats and offer pragmatic remediation steps to improve your security posture. Being proactive is the most effective way to protect your company’s network. SpearTip’s ShadowSpear, our endpoint detection and response platform, is a great proactive tool to prevent threat actors from infiltrating your company’s data network or stealing your personal financial information.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.