The holiday season is the busiest and most profitable time of year for many businesses. However, cybercriminals know this too.
IT and hacking scams targeting businesses drastically increase over the holidays as hackers try to take advantage of distracted and overwhelmed owners focused on serving customers and managing seasonal logistics.
Statistics from the ACCC show total losses due to scams in Australia reached $3.1 billion in 2022, an 80 percent increase from 2021.
In this article, we’ll explain the top five IT and cybersecurity scams hitting businesses hardest right now and provide key tips to secure your systems and outsmart these ruthless scammers.
1. Payment Redirection Scams.
The number one scam businesses fall victim to is payment redirection, in which hackers infiltrate company email accounts.
Once inside, they secretly change vendor payment details so that they reroute payments intended for legitimate companies straight into their own accounts.
Recent reports show small businesses losing up to $100,000 per attack.
Shockingly, these malicious actors pilfered $224 million through payment redirection schemes in 2022, affecting both everyday consumers and companies.
Protect yourself by implementing two-factor authentication on all company emails and training staff to vigilantly double-check any changes to account numbers or wiring instructions directly with that vendor through a known, secure communication channel prior to sending payments.
Also be on high alert for any urgent or last-minute payment requests as these signal likely scams.
2. Phishing Scams.
Another pervasive ploy hackers deploy during the busy Christmas crunch is phishing: emails carrying malicious links or attachments. These criminals send fake invoices from supplier accounts they've compromised, hoping rushed staff will click without verifying. Fraudsters even impersonate executives demanding gift card purchases for dubious reasons. Once opened, these links or files install malware granting access to company systems and customer data.
Combat this by first identifying any urgent requests, demands for sensitive data, or slightly misspelt email addresses signalling likely phishing attempts.
Ensure staff never click links or download attachments without first independently confirming their legitimacy directly through known vendor contacts.
Setting up a secured company intranet also allows effective internal file sharing without the phishing exposure that comes with sending files by email.
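The "slightly misspelt email addresses" check above can be partly automated. The following is an added example, not part of the original article: it flags a sender whose domain is within a small edit distance of a trusted vendor domain without matching it exactly. The vendor list, the distance threshold and the sample senders are constructed assumptions.

```python
# Added example: flag sender domains that nearly match a trusted vendor domain.
# KNOWN_VENDOR_DOMAINS, MAX_DISTANCE and SAMPLE_SENDERS are constructed values.
from email.utils import parseaddr
from typing import Optional, Tuple

KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-freight.example"}
MAX_DISTANCE = 2  # edits tolerated before a domain counts as unrelated

SAMPLE_SENDERS = [
    "Accounts <billing@acme-supplies.example>",   # exact match
    "Accounts <billing@acrne-supplies.example>",  # "rn" standing in for "m"
    "Dispatch <ops@northwind-frieght.example>",   # transposed letters
    "Newsletter <news@totally-different.example>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_vendor) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in KNOWN_VENDOR_DOMAINS:
        return ("known", domain)
    # Near miss of a trusted domain: treat as a likely impersonation attempt.
    for vendor in sorted(KNOWN_VENDOR_DOMAINS):
        if edit_distance(domain, vendor) <= MAX_DISTANCE:
            return ("lookalike", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a prompt to confirm the message with the named vendor through a known contact before acting on it; a "known" verdict does not clear a message on its own, since the article notes that genuine supplier accounts can be compromised.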
3. Fake Website Scams.
As customers flock online for holiday shopping, hackers build convincing copycat websites impersonating major retailers in hopes of stealing financial and personal data. In 2023, impersonated brands increased 25%.
Warning signs of fake sites include unusually low prices on coveted items or reviews which appear vague and overly positive. These criminals then sell compromised data on the dark web or use it to drain consumer financial accounts. Their sites also frequently contain malware with which they can access company systems for further theft and fraud.
Business owners should warn customers against providing data on unfamiliar sites touting prices that seem too good to be true. Also train staff to identify and report fake sites so brands can initiate takedowns. Make sure your own company website has complete contact info, terms and conditions, an SSL certificate, and other indicators of legitimacy and security.
4. Customer Data Scams.
Devious scammers have also launched seasonal ploys aimed directly at customers, with the ultimate goal being company data theft. Retailers reported over 30% of all fraud claims occurring right after the December holidays, when consumers falsely allege never receiving goods that were in fact shipped and pocketed.
By initiating unwarranted returns and complaints, thieves bank on overwhelming retailers too distracted by real customer requests to investigate fully. If granted, these fraudulent credits and refunds then essentially amount to company theft.
Prevent this by keeping meticulous sales and shipping records and confirming all appropriate information is connected with each transaction. Though time-consuming, thoroughly investigating flagged returns or complaints often exposes data patterns revealing wider fraud rings.
Make data security processes a key company commitment going into the high-risk holiday season, when more customer information enters systems that grow more vulnerable to breaches under expanded demands.
5. Delivery Scams.
With online holiday shopping at an all-time high this season, parcel delivery scams have seen an astronomical surge.
Deceitful hackers send texts or emails impersonating shipping companies, claiming packages require updated addresses before delivery can be completed. Victims trying to receive holiday gifts and purchases unwittingly click malicious links or divulge personal data, granting access to financial information.
Losses to delivery schemes quadrupled this year alone to over 700k. Officials predict the escalating number will only continue rising as more shipments get processed.
We strongly advise consumers not to click any tracking links and always independently check statuses through official retailer apps and sites.
For companies shipping high volumes this season, ensure security processes are firmly in place to protect all customer data needed to complete deliveries.
Train staff on protocols confirming identities prior to sharing any delivery details.
Require secondary means of verification before altering original addresses or receipts.
Remind everyone that heightened seasonal urgency will pressure us to move quickly, but we must exercise due diligence to avoid becoming victims ourselves.
Don’t Let Scammers Steal Holiday Joy and Profits.
Pressure runs high for businesses striving to deliver holiday joy and exceptional service during this bustling season.
Unfortunately, unscrupulous cyber thieves know this too. IT and hacking scams targeting overwhelmed owners and staff markedly increase, as attackers hope to catch the one mistake that grants access and triggers company devastation.
Don't become another grim statistic this Christmas. Implement comprehensive security that strengthens email, site, data, transaction, and customer protections.
Prioritise thorough staff training to recognise subtle signs of sophisticated fraud attempts so you can act before finding company coffers and hard drives empty.
Remain vigilant and don’t let the criminals steal holiday cheer and profits!