SecureWorld News

Cyber Leaders on Defending Against Holiday Scam Vulnerabilities

Written by Cam Sivesind | Thu | Nov 17, 2022 | 6:01 PM Z

The holidays are a time when people unknowingly let their guard down, and cybercriminals know it. They take advantage of folks at home who are in a good mood, excitedly awaiting packages that are gifts for family or friends; and they also know employee counts are low as staff take vacation time and someone not used to a certain role might be covering for another employee.

It's a holiday recipe for potential disaster. But have no fear, we have an on-demand webcast available now on "How to Stay Resilient Against Holiday Scams this Season."

The discussion includes Matthew O'Neil, Global Investigative Operations Center, Cyber Intelligence Section, U.S. Secret Service; Cathy Click, Phishing Defense and Education, FedEx; and Fabiola Fernandez, Product Marketing Manager, Security Awareness Training, Proofpoint.

Watch as these cybersecurity leaders interact and share:

  • The methods and techniques scammers use during the holiday season
  • Examples of common holiday scams your end-users will face
  • Successful ways security awareness programs help end-users build positive security habits to stay vigilant against attacks  

"According to the FBI, they reported that last year Americans experienced $6.9 billion in losses from holiday scams and this included $337 million just from online shopping and non-delivery scams alone," Fernandez said. "That's a lot of money, and we're always shopping online. I know I am almost every other day."

For FedEx, Click said the company deals not only with external issues with customers affected by bad actors trying to scam package recipients, but also attacks on internal issues with hackers claiming to be customers looking for retribution for a failed package delivery.

"We ask external customers to send to abuse@fedex.com," Click said. "If you ever do get one of those, we have an entire setup where they do takedowns of those malicious characters that are sending out those emails. And they do tend to ramp them up at Christmas time, knowing darn good and well that you have ordered all these gifts.

"Internally, they'll tend to attack our customer internal team members by going after them saying they're a customer that has lost something, for example."

[RELATED: The Holiday Hacker Case Study]

O'Neil said that a lot of fraud investigations involve following the money—with the main motivator being financial gain for cybercriminals; and it's why reporting incidents no matter if it's thousands of dollars are a few hundred or less is important.

"Statistics show that within 24 hours of a wire transfer, especially overseas, being reported to law enforcement, we can recover all or a portion of the money somewhere in the neighborhood of 55% or 56% of the time," O'Neil said. "After 72 hours, it's about 1%."

Thanks to Proofpoint for sponsoring the webcast, which is available on demand, and to Cathy Click and Matthew O'Neil for offering their wisdom on the subject of preventing and reporting holiday scams.

Also, check out our recent post on "Holiday Season Cyber Threat Trends for Retail, Hospitality Industries."