‘Tis the Season for Holiday Shopping Scams

by Granville Triumph

With supply chain bottlenecks triggering inventory shortages across almost all industry sectors, nervous consumers are starting their holiday shopping early this year in an effort to avoid climbing prices, delivery delays and product shortages. You might be surprised to learn that this trend could create a host of unexpected security issues for your business.

Most analysts believe retail shortages will drive more consumers to do the bulk of their holiday shopping online. An Adobe Analytics report anticipates online holiday shopping will reach a record $910 billion globally this year. 

Like it or not, a good deal of that shopping will be conducted from the office.

More than two-thirds of American workers admit they shop online from the office or while using a corporate device, according to multiple surveys. Among millennials, the number rises to more than 80 percent. It is likely even higher than that for remote workers using personal devices connected to the company network.

That presents an enticing opportunity for malicious actors. The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation recently warned that cybercriminals are increasingly linking ransomware and phishing campaigns to the holiday season, with significant spikes likely on Black Friday and Cyber Monday. If employees aren’t careful, they could easily expose company networks and business-critical information to cybercriminals.


Merely clicking on infected hyperlinks, email attachments or websites can bring disastrous results by triggering a ransomware attack or launching malware that infiltrates the corporate network. One of the more common holiday season scams involves fake social media links to supposed discount coupons from popular retailers.

Fake receipts and shipping alerts are also popular phishing scams. Online shoppers will receive lots of invoices, receipts, order confirmations and shipment tracking messages by email — all of which are easily spoofed by scammers. Because people are expecting such messages from legitimate sources, they are much more likely to click on infected attachments.

Some organizations try to avoid these threats by banning online shopping from work. That hasn’t proven to be a particularly effective strategy. In fact, one recent survey found that senior-level executives and managers are far and away the biggest offenders.

Stay Vigilant

A more effective — and employee-friendly — approach is to take some time to make sure employees understand what they need to do to protect themselves, their devices and the company’s assets. The National Cybersecurity Alliance offers these suggestions:

  • Think before you click. Be extremely cautious about clicking on email or text links with enticing offers from retailers. Go to the company’s website to verify that the offer is legitimate.
  • Choose the safest payment options. Using a credit card is safer than using a debit card because credit cards come with greater consumer protections. Better yet, use a prepaid card with a small credit limit or a third-party payment service.
  • Stay updated. Be sure that all Internet-connected devices, including PCs, laptops and phones, are running updated security software. Many of the latest endpoint security tools feature ransomware protection, memory inspection, encryption, vulnerability shielding, browser exploit prevention, web threat protection and more.
  • Be suspicious. Do not enter your credit card details on unfamiliar sites. Always double-check that the webpage is genuine before entering any of your credentials. Look for the HTTPS extension to see if the site is secured using an SSL Certificate.

There is no shortage of cyber Grinches out there looking to take advantage of holiday shoppers. By remaining aware of the threats and encouraging safe online behaviors, you can help ensure the season remains merry and bright.

Leave a Reply

Your email address will not be published. Required fields are marked *