Get ready for a story about a cyber snowball of epic proportions:

2013. Sharpsburg, Pennsylvania. Leaves are getting rusty and falling from the trees, temperatures are starting to dip below the 50’s. It’s cold, with a gentle breeze outside. Autumn is looking great so far, and Thanksgiving is approaching. 

An employee from an HVAC company sits behind his monitor. Black Friday and Cyber Monday are right around the corner. So, he’s using some of his free time to browse the deals online.

He comes upon an ad for a discounted product, clicks it, and receives an email with a link. He clicks the link…

Unknowingly, he has clicked on a malicious link, infecting his computer with malware, allowing hackers to access his company's network. The attackers steal credentials and customer data, including names, addresses, phone numbers, and Social Security numbers.

This unspectacular event from the little-known company would wind up playing a major role in a devastating cyber attack, affecting millions of Americans and costing one of the biggest retailers sales and a decline in its stock price. Oh, and the CISO her job.

It happens that this particular HVAC company was a contractor of Target, the US retailer with nearly 2,000 stores. After infecting the company’s network, the attackers expanded their target to the HVAC’s customers, including Target itself, and were able to use stolen credentials from the contractor to gain access to Target’s network, seizing the personal and financial information of millions of Americans. 

It’s the famous Target breach. Ultimately, cybercriminals were able to steal 40 million credit and debit records and 70 million customer records. In addition to reputational damage, Target’s net earnings dropped from $1.47 a share the year-earlier holiday quarter to 81¢ a share. 

The scenario for Cyber Monday 2023

A year ago, Americans set a new record for shopping online, spending $11.3 billion on Cyber Monday, more than any other shopping day that year.

Look for a new record this year., By some estimates, consumers in the US alone will spend $13.7 billion online. Last year, the average American spent between $113 and $147 on Cyber Monday.

Safe online holiday shopping

Help your team to be smart and stay safe when shopping online with this helpful PDF branded for your company. 

This PDF guide includes tips on how to:

• Identify and avoid fake ads and websites
• Choose trusted retailers
• Evaluate online reviews
• Pay safely and securely
• Protect their personal information

See it in the Aware Force Cyber Library

What cyber threats to look out for during Cyber Monday 2023

Here are three of the most common Cyber Monday scams to keep in mind this year and how to spot and avoid them: 

Fraudulent websites and online stores

Criminals create fake online stores or spoof real ones. These websites — often online for only a matter of hours — are designed to steal personal or financial information or to trick users into buying non-existent products.

How to spot and avoid fraudulent websites:

• Double-check the website’s URL. The spelling of a fraudulent website could be similar to the real thing (or sometimes, the address is shortened or lengthened so it makes no sense) and could be spelled using a ”.net” domain instead of ”.com.”
• Look for signs that the website is fake, such as poor grammar, low-quality images, or prices too good to be true.
• Ensure the website has a URL starting with “https” — an indication that the website is secure. This is becoming less of an indicator, though. 58% of fake websites are now encrypted.

Fake delivery scams

Fake delivery notifications or order confirmations are sent to shoppers, claiming an issue with the shipment: a delay, a missing package, or a fee. The scammers then ask the shoppers to click on a link, call a number, or reply with personal or payment information to resolve the issue.

How to spot and avoid fake delivery scams:

• Don’t follow email links: Visit the website directly 
• Check the sender’s details: Scammers often use email addresses similar to legitimate organizations but with slight variations.
• Install reliable security software on your personal devices: security software can protect you from phishing attempts by blocking malicious links.

“Too good to be true” Ads

They will be all over social media and blogs: flashy ads with impossibly low prices. Often, these ads take the user to fake websites. 

How to spot and avoid fake ad scams:

• You know the deal. If it seems too good to be true, it probably is.
• Confirm an ad by going directly to the retailer’s website without clicking the ad.

Other scams to keep in mind

A few other scams that you can expect to hit the online shelves this autumn are:

• Counterfeit voucher and coupon websites
• Fake charity fundraiser scams
• Phishing scams
• Fake cash app payments
• Gift card scams

How do you keep employees alert and protect the company?

Cybersecurity awareness is crucial during the holidays. Creating and maintaining a cybersecurity awareness program is challenging and time-consuming.

Right now, organizations should engage employees with helpful, time-sensitive content.

• Drop the boring tech talk! Cybersecurity awareness is interesting! Your content should be educative and empowering. 

• Foster good communication and trust between your cybersecurity experts and your workforce (most of whom are not technically oriented).

• Continuously educate yourself and your teams about the latest cyber scams. There is always something new, interesting, and dangerous out there. 

Too busy to take care of your daily workflow to focus on educating your workforce?

Aware Force is here. We deliver timely, relevant content year-round — branded and tailored for your organization, reinforcing your team’s role as subject-matter experts.

Aware Force’s content is easy to use and ready to integrate with your existing cybersecurity programs.

It’s ideal for intranets, websites, internal social media, and your onboarding program.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated!)