With the holiday buying season in full swing, fraudsters are looking to take advantage of unsuspecting businesses and consumers during the uptick in purchases. The holidays often correlate with an increase in cyber attacks. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI released a joint statement encouraging everyone to examine their current cybersecurity measures against cyber threats to help evaluate and mitigate any potential risks.
Here are some common cyber threats to be aware of during the holiday season and how to avoid the risk of a cyberattack trap.
This type of fraud involves online buyers attempting to secure a refund without returning the product using the chargeback process, effectively receiving it for “free.” Instead of contacting the merchant directly for a refund, consumers will dispute the transaction with their bank claiming that they didn’t make the purchase, never received the item, or that they sent back an item when they didn’t.
Since card issuers often receive an overwhelming amount of chargeback requests, many will greenlight the request with little to no evidence, passing the damage on to the business.
When businesses implemented multiple payment protocols, 36% had to do fewer manual reviews, and 76% saw a reduction in fraud attempts. To prevent becoming a victim of chargeback fraud, implement a multi-layered payment protocol that includes:
- Shipping and billing address confirmations
- Card security codes known as card identification value (CVV), for any card-not-present (CNP) transactions
- Address verification services
- Email verification methods
- Order validation tools
Non-Payment or Non-Delivery Charges
According to the Internet Crime Complaint Center’s (IC3) 2020 report, non-payment or non-delivery charges cost consumers and businesses more than $265 million last year. A non-payment scam occurs when goods or services are provided or shipped, but the seller never receives payment. Vice versa, a non-delivery scam takes place when a buyer pays for goods online, but never receives their items.
To avoid falling for these traps, make sure the website you are buying from is legitimate and secure – if it doesn’t have an https in the web address, this means the website is not secure and you should avoid entering your information. If you are the seller, make sure your business processes payments before sending any products.
Distributed Denial of Services (DDoS) Attacks
Another threat for businesses around the holidays is Distributed Denial of Services (DDoS) attacks. A DDoS attack is when the hackers purposefully disrupt the normal traffic of a server, service or network with a flood of internet traffic so that it cannot operate or communicate properly.
As the global pandemic created more urgency for online operations, this has presented new opportunities for DDoS scams to take place and cyber criminals are taking full advantage. If current trends continue, experts have predicted that there will be a record breaking 11 million DDoS attacks by the end of the year. To prevent or help mitigate DDoS attacks you can:
- Increase bandwidth to help handle traffic spikes
- Switch to cloud-based services
- Take advantage of anti-DDoS hardware and software
Phishing emails are one of the most common types of cybercrime. From 2019 to 2020, phishing complaints received by the FBI’s Internet Crime Complaint Center increased by 110%. This increase is directly correlated with the increase in internet users due to the COVID-19 pandemic. Because people became heavily reliant on the Internet, cybercriminals used this to their advantage and increased their online social engineering attacks.
Many phishing emails seem like they are from legitimate sources and will either request personal information or have links and downloads that will infect your computer with a virus or malicious malware called ransomware. Once your computer is infected, scammers will steal your personal information or hold your computer hostage until you pay them.
To avoid becoming a victim of phishing, keep browsers updated, install firewalls and train employees in basic cybersecurity practices.
Don’t Fall Victim to Holiday Scams
At Bluefin, we understand the risks and costs of online hackers; that’s why we offer PCI-validated point-to-point encryption as well as tokenization technologies to protect payments and sensitive data.
To learn more about our integrated payment and data security solutions, get in touch with a Bluefin representative today.