2023 Holiday Shopping Scams (Updated December 5, 2023)

December 5, 2023

In this update on 2023 Holiday Shopping Scams, WaterISAC alerts members that reports indicate cyber criminals are currently targeting SaaS services and utilizing AI technology, social media phishing, and brand impersonation to pilfer from various sectors. Companies may want to consider proactive measures, such as manual or automated takedown services, to maintain consumer trust during the bustling holiday shopping season.

By using stolen data, scammers have the capability to create over 3,000 phishing domains that mimic reputable brands like Walmart. This enables them to exploit the pilfered information and entice victims into disclosing sensitive banking details. The phishing sites adeptly redirect users to authentic USPS websites. Furthermore, as observed in previous attacks, threat actors are employing stolen personal information to impersonate victims in phishing scams. 

Both customers and organizations must prioritize protection and promptly patch vulnerabilities. Customers should safeguard personal information, practice strong password management, and stay vigilant against phishing attempts to prevent falling victim to cyber threats — especially during the holiday season. 

Read more at Hack Read.

November 16, 2023

The FBI warns of criminals targeting online shoppers and sellers during the upcoming holiday season. During the 2022 holiday shopping season, the FBI Internet Crime Complaint Center (IC3) received reports from almost 12,000 victims reporting non-payment/non-delivery scams, resulting in losses over $73 million. Criminals use a multitude of methods to entice and target victims intending to purchase or sell an item online. Members are encouraged to pass this report to employees to promote awareness of the threat and provide tips to protect themselves. Read more at FBI IC3.