Holiday Hustle: How MSPs Can Shield Clients from Cyberthreats
Many employees do their holiday shopping at work, and remote work/work-from-home scenarios have only increased that behavior.
As the holidays approach, we can count on several things: Christmas decorations arriving in stores before Halloween is over; there never seems to be enough time to complete our holiday to-do list; we will overeat; and cybercriminals will have a field day trying to take advantage of our online shopping.
As more retail activity moves online, cybercrime has been on the rise. This is particularly true during holiday shopping events like Black Friday and Cyber Monday when otherwise astute internet users let their guard down in search of a bargain. In fact, according to the Gen Digital 2024 Cyber Safety Insights Report, nearly one in five adults is more inclined to “engage with questionable offers during holiday promotions. This is particularly evident among Gen Z shoppers, whose behavior is heavily influenced by urgency cues often used by attackers to bypass rational decision-making.”
Nearly half of U.S. consumers reported being targeted by a scam while shopping online during the holidays. Last year, IC3 issued a public service announcement warning about common holiday shopping scams. It noted that in 2022, it received reports from almost 12,000 victims of non-payment/non-delivery scams, with losses of more than $73 million.
Retail Scams Put Corporate Networks and Data at Risk
But online shopping scams aren’t just a threat to individual consumers. Many employees do their holiday shopping at work (nearly 60% of them), and remote work/work-from-home scenarios have only increased that behavior — driving as much as $375 billion in additional online spending, according to Mastercard. That means these retail scams could also put corporate networks and data at risk.
Many of these scams are targeted at a single transaction — tricking shoppers into paying for items that never ship by offering too-good-to-be-true discounts on hard-to-find items, for example. QR code-based scams send shoppers to fraudulent websites after they scan a coupon. Brand impersonation is also common, with shoppers directed to websites meant to look like legitimate retail sites so they can capture personal payment information.
Workers also drop their guard during the holidays, making them more vulnerable to cyberthreats like phishing, social engineering campaigns and ransomware. Criminals take advantage of the types of staff shortages, operations changes and distractions common at the end of the year to steal account access.
Some of the more common online shopping scams include:
Impulse buying/scarcity: Fraudulent emails and advertisements use the urgency of flash sales or shortages to increase the likelihood of clicking on a malicious link. The Cyber Safety Insights Report notes that younger shoppers are particularly vulnerable to these scams.
Social media scams: Poorly monitored social media ads are responsible for many holiday shopping scams, with advertisements promising discounts but resulting in the theft of money and payment credentials. Cybercriminals are leveraging AI to create realistic ads that are difficult to distinguish from the real ones.
Travel scams: The Gen Digital data showed increased travel-related crimes that used sophisticated phishing techniques to rope victims into fake bookings or travel services.
How to Protect Against Holiday Cyberthreats
What can be done? Companies must take concrete steps to shut down brand impersonation scams in the retail sector. Last year, Amazon saw more than 45,000 phishing websites attempt to impersonate its website. In response, the company leveraged real-time domain monitoring to detect suspicious activity, backed up by analysis by AI and machine learning-based security solutions. They also worked closely with law enforcement to shut down fake websites. MSPs can help their retail clients deploy these solutions and offer monitoring services so retailers can focus on their core business activities.
For companies that want to protect themselves from shopping-related employee breaches, several potential steps exist.
Educate customers about online shopping risks. The IC3 guidance from last year is an excellent place to start. It emphasizes double-checking email and website addresses and being wary of discounts, deals and unusual payment requests. CISA also offers helpful holiday shopping security tips to share with clients and employees. In general, encourage everyone to stick to websites they trust and use regularly.
Implement multifactor authentication and strong passwords. MSPs should encourage this all year long to reduce the chance of a stolen or weak password being used to exploit system vulnerabilities.
Leverage AI and machine learning to monitor for behavior that traditional security solutions might miss and to help initiate automated mitigation and response protocols.
Update all devices on the network with the latest software and security patches.
Guidance from Mastercard recommends implementing a Domain-based Message Authentication, Reporting, and Conformance (DMARC) tool to protect against domain spoofing.
Implement security automation for repetitive tasks and processes. This is particularly valuable during the holidays, when the IT team may be short-staffed. Things like MFA enforcement, anomaly detection and triage/response can be automated so that a short-staffed team isn’t caught off guard if there is a surge in activity.
Institute holiday-specific security practices and protocols. Develop training and awareness programs for the holiday season and implement protocols to provide greater vigilance around shopping scams.
By planning ahead, deploying the right technology and educating clients and staff, MSPs can help reduce the risk of holiday cyberthreats. That allows everyone to focus more on their core businesses, relax during their holiday break, and prevent cyber-Grinches from stealing their data.