Haunted houses, pumpkins and candy corn are telltale signs that Halloween is almost here. According to the National Retail Federation’s annual Halloween survey, 172 million Americans plan on celebrating Halloween this year, with the average American spending $86.79 for, an overall total of $8.8 billion – down only slightly from $9 billion in 2018.
“Spending hasn’t changed much over the past few years, but we are seeing a noticeable increase in consumers whose Halloween purchases are inspired by their friends, neighbors and even celebrities on social media,” NRF President and CEO Matthew Shay said. “Retailers expect to have another strong Halloween season and have stocked up on candy, decorations and the season’s most popular costumes.”
But Halloween marks the first of the major spend holidays and that means more hackers are starting to come out.
Major Spend on Costumes for Pets and More
This Halloween, 69% of consumers will be handing out candy, while 49% will decorate their home or yard, and 22% will visit haunted houses. There will be a lot of hot dog and pumpkin-dressed pets this Halloween, as 29 million Americans plan to put Fido in a costume. Princesses and Superhero’s are the most popular children’s costumes this year and the top costume choices for adults are witches and vampires. Interestingly enough, inspiration for Halloween costumes come primarily from online browsing, at 35%, followed by 28% who get their inspiration from browsing at stores.
And the biggest spend categories are not surprising.
- $2.6 billion dollars on candy
- $3.2 billion on costumes (including children and pets)
- $2.7 billion on decorations
- $390 million on greeting cards
Holiday Spend Means More Hacker Attention
The only thing scarier than how much Americans spend on Halloween is the number of cyberattacks that start in October and last throughout January. Data from the F5 Security Operations Center (SOC), which tracks and shuts down phishing and fraudulent websites for customers, shows that fraud incidents in October, November, and December jump over 50% from the annual average.
The holidays are a prime time for hackers to strike, because:
- Employees use their personal email more at work during the holidays to online shop, check status of orders, and they receive e-cards and invites from friends and family. Hackers are aware of this, and know that with so much is going on, it is a perfect time to send phishing emails. Once the employees open the email, criminals have access to the entire companies’ network and can cause severe damage.
- Many consumers will immediately open an email for a bill or invoice marked “due” or “overdue” without even considering whether the email looks suspicious because notification of payment often inspires panic. Consumers need to examine such emails and determine whether the web or email address looks genuine, whether confidential or personal information is asked for, and if a document is attached, whether it looks to be legitimate.
- Another reason hackers wait for the holidays to strike is because they know most companies are understaffed during this time of the year because of vacations. When Timehop was hacked in July 2018, for example, hackers waited until the Fourth of July so the they had more time to work without detection.
- More consumers are shopping online than ever before and because it is has become so commonplace, they have become more trusting of where they enter their credit card information. In 2018,1M people shopped online from Thanksgiving Day to Cyber Monday. Encryption and tokenization of consumers personal and payment data is absolutely crucial, thanks to the fact that hackers are using stolen credit cards online more than ever since the introduction of EMV in 2015.
“Cybercriminals have been gathering information all year about how they can pretend to be you and their attempts will be very realistic,” said Steve Durbin, managing director of the Information Security Forum, said. “Of course, not everyone is a criminal, and there will be genuine offers, but stop and think before you click that button.”
Take the Fright out of Your Holiday with P2PE and Tokenization
The holidays are the perfect time for cyber criminals to prey on individuals and organizations, since people are distracted. While consumers need to carefully consider their digital footprint, companies need to consider how best to protect their consumer data and information from the inevitable hacking attempts.
Bluefin specializes in PCI-validated Point-to-Point Encryption (P2PE) products that safeguard cardholder data entered at the point of sale or over the phone, and tokenization of Personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online with our ShieldConex® platform. We are a staunch advocate of devaluing all valuable data and taking a holistic approach to security.
Organizations can mitigate the effects of data breaches – not matter how they happen. They just need the best tools to “frighten” away the hackers!