Digital Criminals' Holiday Bonanza


Thought Leadership

Digital Criminals' Holiday Bonanza

David Bisson

Every year, the volume of fraud picks up as consumers make more purchases around the holiday season. Expectations for 2018 are no different. According to new benchmark data from ACI worldwide, fraud attempts are likely to increase in volume and value by 14 percent and 17 percent, respectively, between Thanksgiving and Cyber Monday. Those figures are just slightly less than those for purchases, which ACI anticipates will grow in volume by 18 percent and in value by 19 percent during the same period.
Given fraudsters’ love for the holidays, it’s important that consumers familiarize themselves with the types of digital threats out there this season. Below are three types of threats in particular for which consumers should be on the lookout this year.



The holidays are known for scams that try to trick users into handing over their personal data or financial details. A new ruse called “Secret Sister” appears to be no different. This ploy takes the form of a chain letter that circulates on social media platforms and arrives in people’s inboxes. It asks recipients to send a $10 gift to a fellow “sister” participating in the Secret Santa exchange, and in return, they’ll receive 6-36 presents of their own.
Those who fall for this scam will lose $10 and not receive any gifts in return. But that’s the least of their worries. As noted by Malwarebytes, participating in this ruse could break anti-gambling laws imposed by the United States Postal Service. Those orchestrating the scam might also ask for users’ personal information but then abuse that data by attempting to authenticate themselves on victims’ web accounts or committing identity theft.

Banking Trojans


Banking trojans are a type of malware that target customers of specific banks. These threats wait for users to visit the websites of targeted financial institution on their laptops or mobile devices. When they detect this type of activity, the trojans use overlay pages and other techniques to steal people’s banking credentials.
No doubt banking trojans are keeping up such behavior as Black Friday approaches. But they’re also doing something a bit different this year. Kaspersky Lab’s researchers spotted 14 different malware families targeting e-commerce brands ahead of Black Friday. Half of those families consisted of banking trojans. Apparently, those particular threats have broadened their targets to include e-commerce brands in order to steal users’ credentials by intercepting data on target sites, modifying website content and redirecting people to phishing pages. With those credentials, the trojans can then steal money out of users’ banking accounts.

Malicious Apps


Consumers want to save as much money as they can during the holidays. To give themselves an edge, many download mobile apps that promise to help them keep track of the best deals. Most apps live up to that promise. But some don’t.
Case in point, RiskIQ observed that more than five percent of mobile apps found by searching “Black Friday” in well-known app stores like Google’s Play Store and Apple’s App Store were blacklisted (unsafe to use) because they were malicious. The cybersecurity company found a slightly smaller number of blacklisted apps associated with “Cyber Monday.” Of the 959 programs it found, 4.6 percent of them behaved maliciously.

What Comes Next After Consumer Awareness?


Neither consumers nor organizations should allow the threats above to spoil their holiday festivities. They just need to make sure they’re focused on protecting their digital security. Users can do this by installing an anti-virus solution onto their devices, avoiding suspicious links and email attachments, downloading apps from only trusted developers on official app marketplaces and not using public Wi-Fi. Organizations can further help protect their employees by implementing two-factor authentication and using a security solution that protects their emails against digital threats with the help of encryption and multi-layered threat analysis.

Learn how Zix can keep your organization safe this holiday season.