Unfortunately cybercriminals don’t respect the sanctity of the holidays and, in fact, Christmas makes them more creative, warns CFC, the specialist insurance provider and pioneer in emerging risk.
The festive period has created a range of cyber risks over the years, with hackers taking advantage of the increase in e-commerce, charity activity, and time spent online. These are the most prevalent that CFC’s cyber incident response team have seen emerge in 2020.
1. Settling accounts
At year end, many businesses are looking to tie up loose ends but they need to be cautious about any invoices coming their way. Not only can attachments from unknown sources contain malicious code that can lead to the encryption of computer systems, but even invoices they are expecting can sometimes be fraudulent. CFC has seen cases of invoice fraud where hackers have breached suppliers’ systems, doctored up invoices with new bank account details, and sent them to expecting recipients who inevitably end up paying into fraudulent accounts.
2. Gift card scams
CFC’s team has noticed a clever kind of CEO fraud that revolves around gift cards. This happens when a seemingly legitimate email comes from someone senior within a business asking an employee to buy gift cards as client gifts. That same executive then emails again to request the unique code on the back of the gift card, under the guise of expediting the gift giving. Eventually the employee discovers that the original requests weren’t legitimate and that the email had been hacked or spoofed. This has proved to be a particularly effective attack method with so many people working remotely where it’s not as easy to quickly ask someone to verify something.
3. Bargain hunting
With budgets stretched, it’s no surprise that businesses are hunting around for the best price on gifts for employees or clients. Unfortunately CFC has seen cybercriminals upping the number of fake websites they operate, enabling them to steal the details of any payment card entered on to the site. What’s more, ads on unsecure websites can be riddled with malware, which can lead to even bigger problems particularly if those websites are accessed on company systems.
“It’s been a trying year for just about everyone and we’re all longing to wind down a little – but we can’t afford to slip up when it comes to cyber risks,” says CFC’s cyber development leader, Lindsey Nelson. “Companies and individuals alike need to be sure they’re just a little more vigilant when it comes to spending online or on email over the holidays to ensure they can enjoy an incident-free festive period!”