When Every Day is Cyber Monday, Attackers Can Score Big

November 23, 2020 David Higgins

Seasonal Cybersecurity Risks

Back in the seemingly footloose and fancy-free pre-Covid-19 age, shopping holidays were also rooted in pre-New Normal reality. But since last spring, our offline and online lives have further blurred, and merchant focus on one-off shopping holidays has shifted to meet the always-on, always-home behaviors and preferences of consumers in physical limbo.

Unsurprisingly, nearly 70% of consumers say they’ve increased online shopping in the last six months. Now that we’re fully stocked with paper towels, many people are ready to pounce on “essential” holiday must-haves like the new Sony PS5 – and we’re not waiting until Cyber Monday, which is starting to feel like a quaint relic of yesteryear.

This surge in eCommerce activity has opened floodgates of opportunity for cyber attackers looking to cash in on rapid change. With the holidays just around the corner, how will our “new normal” impact seasonal shopping habits, and what does it mean for cybersecurity? What risks are consumers willing to take to get that gift?

Download image here

The Disappearance of Black Friday / Cyber Monday

Over the last six to eight months, retailers have been eager to court customers who have cautiously curtailed spending during this time of uncertainty by offering deep discounts and adapting to changing shopper behaviors.

Instead of waiting for Black Friday and Cyber Monday, many began dropping deals during the fall. Amazon, Best Buy, Macy’s and Target were among many retailers to release their biggest Black Friday discounts in October – nearly two full months before the official start of the holiday shopping season.

Consumers are gladly taking advantage of these early digital deals, jumpstarting their holiday shopping while skipping the crowds and irritating mall music. In fact, according to The CyberArk Holiday Shopping Security Survey, more than half of respondents (53%) say they won’t participate in the traditional shopping “holidays” like Black Friday or Cyber Monday this year. Either they believe good discounts are always available in this day and age, or they’ve started their shopping extremely early because of expected shipping delays. Either way, the holiday shopping season – at least in 2020 – will not be limited to a few marathon days.

With shoppers spending more time online and spreading out their spending over months, what should we know about rising attacker opportunities?

Cyber Attackers and the New Retail Reality

The spike in online shopping and digital advertising is also creating more opportunity for attackers – who are looking to take advantage of unsuspecting consumers – many of whom admit to risky shopping habits.

For example, 65% of consumers admit to saving passwords and credit cards on their devices. Sure, it’s convenient to make a quick purchase, but there’s a major downside. Credit card numbers saved in a browser can be enticing targets for phishing attacks.

Further, anyone who has waited weeks (or months!) for toilet paper to get delivered from Amazon or your favorite big box retailer knows that many manufacturers are having a tough time keeping up with demand. Anticipating supply chain issues this season, 57% of consumers say they would be willing to shop at unfamiliar online stores in order to score the perfect holiday gift on time. Okay. Your kid really needs a Star Wars Mandalorian Darksaber — and you’re running out of time. So you search around, finally find one from a retailer you’ve never heard of – but they have it in stock. You punch in your credit card number with glee. Yet fraudsters set up fake typosquat websites to trick online shoppers into disclosing sensitive information all the time. Before making a purchase, it’s important to do some research on the retailer. Are they reputable? Do they have the “https” and closed padlock icon in the browser? While these intended symbols of security don’t always protect the consumer, they can be a reliable indicator of safety.

It’s not that consumers don’t recognize the risks of online shopping. Only 26% are totally confident in retailers’ ability to secure their transactions and privacy – but consumer awareness hasn’t translated to action. And today, convenience often trumps caution.

The year 2020 has “gifted” us all with a host of unanticipated scenarios and challenges, some of which threaten online security and privacy. Don’t let holiday shopping be one of them.

Employers, Beware: Employee Shopping Habits Have a Dangerous Ripple Effect

Unfortunately, risky consumer shopping habits put more than personal devices and information in danger. Thirty percent of respondents admit to using their corporate devices to shop online, while 27% allow household members to use their corporate devices to shop online. These behaviors threaten corporate security. All it takes is one compromised credential on one employee laptop to potentially cause costly business damage and disruption.

While “Christmas Every Day” makes for great Hallmark Channel movie material, an extended holiday season isn’t all holly and jolly. Nearly three months of digital deals mean cyber attackers have significantly more time to spoof employees with holiday-themed phishing emails, websites, social media scams and more. Stay vigilant, and as you look to the year ahead, make sure organizational cybersecurity strategies align with new realities and consumer behaviors. Because as it turns out, shopping for everything from groceries to cars is pretty convenient and comfortable from the couch – and it’s not going away anytime soon.

The CyberArk Holiday Shopping Security Survey, 2020 was conducted in October 2020 by an independent research agency. The study included responses from 2,000 consumers in the United States, UK, France and Germany.

Previous Article
2021 Cybersecurity Trends: The Emergence of the Personalized Attack Chain
2021 Cybersecurity Trends: The Emergence of the Personalized Attack Chain

It’s hard to look forward to 2021 without considering the trends that shaped the generally unfavorite year ...

Next Article
Intel, Please Stop Assisting Me
Intel, Please Stop Assisting Me

This post focuses on two vulnerabilities the CyberArk Labs team uncovered in the Intel Support Assistant th...

Check out our upcoming webinars!

See Webinars