With jump in holiday online shopping, cybercriminals get active

With consumer online spending surging this holiday season, criminals are after a piece of the pie.

U.S. consumers will spend a total of $189 billion online from Nov. 1st through Dec. 31st, a jump of 33% from 2019, according to a projection from Adobe Analytics, leaving more opportunity for cybercriminals.

Black Friday, in particular, is a prime time for seasonal scammers. When cybersecurity firm Tessian surveyed I.T. decision-makers in the U.K. and U.S., the majority told them that they receive more phishing attacks in the last three months of the year – in the lead-up to the holidays – compared to the rest of the year.

Already this year, e-skimmer criminals are active, according to research from RiskIQ, which recently posted research on a wave of attacks on e-commerce sites.


Injecting e-skimmers, or credit card skimmers, on shopping websites to steal credit card details is a popular tactic for Magecart, a consortium of different hacker groups who target online shopping cart systems, as The Hacker News points out.

“This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of websites at once,” according to RiskIQ.

To avoid this, consumers should not save credit card information on retail sites and, instead, use payment methods like PayPal, Apple Pay, or Google Wallet.


Another tactic for criminals is to leverage popular brands in email phishing attacks.

In 2020, cybercriminals are ramping up and perfecting brand forgery, Dave Baggett, co-founder and CEO of anti-phishing startup Inky, said in a statement sent to FOX Business.

Cybercriminals steal source code from retail brands’ e-commerce sites to create “identical and perfect brand forgery sites,” according to Inky.

The more authentic the phishing email, the more likely that consumers will click on malicious links in the email.

The upshot: consumers should expect to see more fraudulent emails claiming to be from Amazon, Best Buy, and Walmart, among other major retailers, in the coming days and weeks.


Another scam that has been making the rounds is the so-called “Secret Santa” or “Secret Sister,” according to the Better Business Bureau.

This gift exchange campaign quickly became popular on Facebook in 2015 with posts promising participants would receive up to 36 gifts, in exchange for sending one gift.

“Each holiday season the scheme pops back up,” the BBB said. Newer versions of the scam include exchanging bottles of wine or purchasing $10 gifts online or references to “happy mail” or doing the exchange “for the good of the sisterhood,” according to the BBB.

This is a pyramid scheme so “ignore it,” the BBB said.

Gift card abuse

This a perennial threat due to the widespread use of gift cards, according to the Retail Gift Card Association (RGCA).

Gift cards have been the most popular gifts in the U.S. for many years, according to the National Retail Federation.

“Criminals can abuse gift cards, just as they can abuse debit cards, credit cards, or checks,” according to the RGCA, which suggests that consumers decline unsolicited demands for payment and buy cards directly from retailers and known brands.