After two years of ordeal owing to the COVID pandemic, the world is coming back to normalcy. As we approach the new year, holiday fervour grips all. In India, the hospitality industry is on a roll. From airlines to hotels, bookings are running full. Be it physical malls or ecommerce companies, brisk sales are evident. Data suggests that the country has already seen more air traffic than in the pre-pandemic period. Similarly, consulting firm Redseer data showed that ecommerce retailers had already seen double the sales this year in India so far as compared to the pre-pandemic year of 2019. With the new year and Christmas approaching, consumers will again be flooded with offers through various digital channels for annual shopping, travel, and gifting among others. As inboxes get flooded with messages, consumers usually drop their guard concerning sound cybersecurity practices. It, thus, provides a chance for nefarious elements for mounting different types of cyberattacks on individuals and organisations.
Online purchase faces the most risks:
The adoption of digital channels for online purchases is on a rise in India. According to Redseer Strategy Consultants, the country has 350 million online customers across ecommerce, shopping, travel and hospitality, and OTT (over-the-top) media services among others. With such a huge surge in consumers buying online, this holiday season is likely to witness multiple cyberattacks being mounted on gullible purchasers. Scammers will try to take advantage of unsuspecting shoppers in multiple ways, including through the use of fake websites, discount campaigns, and even charities for stealing personal and financial information. Therefore, it is important to know the different ways these threat actors take advantage of the holiday season and the methods to stay protected from such malicious attacks.
Fake advertisements and malicious links:
The holiday season is the time when retailers run various schemes to attract consumers. Many of these offerings come in bundles, or with price discounts. Taking advantage of such a trend, scammers zero in on targets who are searching for the best deals for saving money by opting for price discounts and bundle promotions. Threat actors run fake advertisements showing valuable and hard-to-get items at incredible prices. They often try to attract buyers by promising attractive discounts, and promises of limited offers. These actors follow similar marketing strategies to genuine retailers. When an unsuspecting buyer clicks on the links, they lead to fraudulent sites. Vital financial information like credit card numbers and codes, and debit card information get stolen through such phishing emails with credit card skimmers embedded in the code.
Safety tips:
Shoppers can protect themselves from fake ads and malicious links by performing a quick check on the product being advertised. So, a customer should double-check the brand and the offer if it seems too good to be true by checking the veracity by visiting the official website of the brand. Similarly, pictures attract buyers the most. Comparing the pictures on the official website, therefore, should be done. Usually, scammers create a sale site that looks similar to the official brand’s website but has spelling and language inconsistencies. Also, cross-checking policies on shipping, returns, customer support, and privacy protects a buyer from such cyber fraud. Moreover, checking the site by looking for “https” at the beginning of the site’s URL and ensuring that there is a closed lock or unbroken key icon should be a must. These icons indicate that data submitted on the site is encrypted and safe.
Fake Discounts & Coupon Code Apps:
The usage of apps has seen a huge surge in India. In 2021, the country had the second-highest number of mobile app downloads in the world. These apps and APIs have emerged as the new route for scamsters to fleece consumers. Scammers build fraudulent applications that claim to search for and consolidate discount codes and coupons from popular brand names. Once downloaded by a gullible user, malware is inserted into the device, stealing payment information, or credentials to social media or online banking accounts.
Safety tips:
If the company name is not obvious, it is better to check for community reviews for how long the app has been around. Usually, scam apps are not more than a few months old. Various reliable sites provide information about the developer of the app, the number of downloads, and the year of development among others. If fetching such information is not easy, it is better not to transact on such apps. An individual can take the help of public malware-checking sites like VirustTotal to check an application or suspicious file’s reputation to prevent malware attacks. However, one shouldn’t upload personal files on these sites as it is shared publicly.
Phishing Campaigns & Holiday Email Scams:
The innocuous-looking email is a potential weapon for a phishing attack. And the holiday season is rife with such phishing scams. As people search for holiday packages, they should be careful about these unassuming emails with clever subject lines. Usually, scamsters lure holiday-goers with emails in the name of established brands. Loaded with special gifts, bundle pricing, and extra coupons, holiday email scams may also send shoppers invoices for items they did not purchase. Some emails even ask purchasers to click on deceptive links to “report a problem” or reach a customer service team member. Clicking such links leads shoppers to malicious websites primed to drop malware or phishing for login credentials.
Safety tips:
Shoppers should defend themselves from malware attacks by using trusted security software. One should also make sure that the device’s operating system is up-to-date and use multi-factor authentication through multiple passwords. Checking the emails by inspecting the addresses before clicking on the links can save one from phishing attacks. Scammers often use URLs that look similar to real ones, replacing letters and spacing with numbers and punctuation or using odd domains. Shoppers can also check their browser settings for appropriate privacy and security settings.
Fake Charity Sites & Scams:
The winter holiday is often a time of showing one’s gratitude by paying back to society. And threat actors don’t hesitate to exploit such noble acts. Scammers spoof the phone numbers of legitimate charities and impersonate the agents to ask for donations. They ask for donations through social media and by sending text messages.
Safety tips:
Checking the credentials of such emails, text messages, and phone calls before a donation is a sure way to stay safe and donate to a genuine cause. Therefore, it is advisable to reach out to a charitable organisation proactively or donate through their official website. Also, before making a payment, one should check for a firm payment protection policy of the organisation.
Fake Offers for Temp Work:
Ecommerce companies in India hire a lot of temporary workers to man their operations during the busy holiday season. Indian companies hired a record 400,000 gig and temporary workers to serve festival shopping demand in October 2022. Such a trend is likely to sustain as the new year and Christmas holidays approach. Scammers through attractive schemes impersonate HR representatives, recruiters, and even senior managers of real companies and post help-wanted ads via email or on social media platforms. These sites not only ask for filing personal information of aspirants, scamsters also collect fees from job seekers.
Safety tips:
Job seekers must validate the veracity of such offers by going through the details of the company, its website, and other relevant information. Check the careers landing page to find the official job posting and ensure that the details of the role are the same. Usually, receiving a job offer without an interview and any communication from the officials of the company is a red flag. If possible, reaching out to companies or their HR department through mail or a phone call also helps.
Businesses are vulnerable too:
Not only individuals but also businesses operating in the hospitality and retail sectors are exposed to such virulent cyberattacks. With a rise in traffic, companies should be prepared for possible increases in malware campaigns, ransomware and data extortion, and Distributed-Denial-of-Service (DDoS) attacks among others. Therefore, it is important to establish a robust cybersecurity architecture through real-time monitoring of malicious attempts. It is important to conduct pre-season cybersecurity audits to gauge preparedness and plug the gap in the security system. Payment mechanisms should be full-proof with adequate controls coupled with optimum measures for the protection of consumer data.
As the country prepares to welcome the new year with a colourful Christmas celebration, both consumers and businesses have to stay safe by following sound cybersecurity practices. A robust cybersecurity framework for organisations and cyber safety tips for individuals will add spice to the holiday season.
About the author:
Diwakar Dayal is Managing Director & Country Manager for SentinelOne, India & SAARC.
