Online shopping sales alone this holiday season are expected to hit $117 billion and that spells big profits for retailers and big opportunity for those who aren’t concerned with receiving a lump of coal in their stocking.
For every online shopper eager to score the bargain of the season, there’s a scammer waiting in the wings to relieve them of their hard-earned money. However, corporations, no matter their size, make even more attractive targets as the pockets are infinitely deeper. Social media, cousin domains, mobile apps, spoofed emails, phishing and malware can all be used to gain access to a company’s sensitive data, a task made even easier during the busy holiday season. It’s critical to remain vigilant as these attacks not only can compromise data, but they can also damage a company’s brand, logo and overall reputation. The following are the more popular scams corporations should look out for:
- The Big Boss scam. Scammers, posing as the company CEO or CFO, ask Accounting or company comptrollers to carry out large wire transfers that (surprise) are then collected by the fraudsters. A new twist on this finds fraudsters asking for W-2 forms to be sent over in an attempt to access personal employee data.
- Facebook fire sale. Fraudsters create fake social media accounts spoofing a company’s actual social media presence and then dupe unwitting buyers into surrendering their credit card and other personal information in their attempt to win or purchase hard-to-come-by goods at ridiculously low prices. Companies can fall victim if their social media account is spoofed, but just as easily if their employees click on these malicious links and download malware while at work.
- Go phish. Companies can be the victim of phishing scams in two ways, either as the target or when a scammer masquerading as the company targets their customers. Regardless, the end game is the same: to trick the recipient into clicking on a link that will then lead them to enter personal information or inadvertently download malware that gives the fraudster access to a company’s inner workings.
- It’s the Great Package Delivery Scam, Charlie Brown. Increasingly, employees are having packages delivered to their office to prevent mail theft. They may have even used their work email as a contact address so they could quickly be alerted to their shipping status. This particular scam involves an email purporting to be from the U.S. Postal Service (or FedEx or UPS), alerting the recipient to the fact that they were unable to deliver a package and if they would kindly click on a link, print out a label and deliver it to the nearest post office, they’ll be able to retrieve their package. Of course, the only one doing the retrieving in this scenario is the fraudster.
There are more variations but they all amount to the same thing. Fraud.
So how can your organization steer clear of the online fraud this holiday season? Follow these important guidelines:
External Threat Protection Strategy. Ensure your fraud protection solution really does offer comprehensive, proactive threat detection and takedown. Easy Solutions offers clients an all-inclusive fraud protection solution that examines millions of information sources across the Internet–from social media sites and app stores (official and otherwise) to forums and blogs–to quickly ascertain whether your brand is being damaged and stop those attacks in their tracks. We also provide company impersonation protection, real-time alerts when external threats are detected and a comprehensive reporting feature that allows your IT team to see incidents and incident status at a glance and even request additional takedown on specific attacks. It’s the total (holiday) package.
Enact Email Authentication Solutions. Email phishing is still very prevalent, especially this time of year. Email authentication can intercept and reject fraudulent email before it is received by employees, customers, and business partners. You will also be able to monitor who is sending spoofed email, where it is received, as well as the contained phishing URLs and malware.
Educate Employees and Customers. As tempting as it might be–the email certainly looks official!– Do Not Click. Employees should be warned to be extremely cautious of opening any attachments or links in unexpected emails, especially if those emails contain spelling and grammar errors. By inadvertently clicking on a fraudulent link, they are exposing your company and its data to the possibility of ransomware and worse. Think that email or phone call might be legit? Rather than taking a chance and clicking on the link or sharing personal information over the phone, employees should call the vendor or person directly or log in to the account in question and check for any notifications or messages.
Implement a Multi-Layered Infrastructure. There is not a one-size-fits-all answer to stopping fraud. Companies need solutions that work independently from each other, but can also deliver a collaborative protection suite of products that leverage every aspect of a fraud prevention program when deployed together. Moreover, an effective strategy must engage fraud throughout the attack cycle by proactively taking down threats, as well as monitoring, identifying and intercepting them before end users are aware of problems. This approach reduces false positives and allows organizations to stay ahead of the latest fraud trends, because cybercriminals never take a break – even over the holidays.