Beware: Holiday Season Threats

Scams

November 27, 2024

The holiday season presents an attractive target for financially motivated cybercriminals who seek to exploit online retailers and shoppers. Despite the challenges posed by high inflation rates, the National Retail Federation (NRF) predicts a three to four percent increase in retail sales for the 2024 holiday season compared to 2023. The number of data breaches targeting the retail sector in 2024 has already reached unprecedented levels, with the cost of a data breach reaching $2.96 million, an 18 percent increase from 2023.

Online transactions are expected to rise as consumers seek deals and discounts, while broader economic factors, including general inflation, will continue influencing consumer spending. Retailers will likely offer coupon codes or discounts via email or SMS text messages to motivate consumers to shop online for higher-ticket items such as electronics and appliances.

Analysis suggests threat actors will likely use tailored phishing emails during the holiday season. Threat actors continue to impersonate major brands and use social engineering to lure their targets through communications or malicious advertisements, introduce scare tactics, and attempt to steal personal data, financial information, account credentials, and funds. Additionally, employees working extended hours may be more susceptible to phishing emails due to divided attention and heightened performance demands. As teams are stretched thin with numerous responsibilities, they have less time to rigorously check security protocols, increasing the organization’s vulnerability to cyber threats during this critical period.

For example, a recently observed infostealing campaign targets users searching for Black Friday sales. First spotted in October, this campaign imitates well-known brands, like L.L. Bean, Wayfair, The North Face, Bath & Body Works, and IKEA. The domains for these impersonated sites often include “blackfriday” and use the top-level domains (TLDs) “.shop,” “.vip,” “.store,” and “.top.” If payment information is entered into these malicious websites, threat actors can steal the payment and card details. Cybercriminals may also use counterfeit quick-response (QR) codes to direct unsuspecting individuals to phishing websites or malware downloads.
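
The indicators in the paragraph above (the “blackfriday” keyword, the four TLDs, and the impersonated brand names) can be combined into a triage check over hostnames taken from proxy or DNS logs. This Python code is an added example, not part of the original advisory; the official-domain allowlist, the function names, and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the advisory text above.
KEYWORD = "blackfriday"
SUSPECT_TLDS = {"shop", "vip", "store", "top"}
# Brand token -> official domain. Assumption: confirm each domain before use.
BRANDS = {
    "llbean": "llbean.com",
    "wayfair": "wayfair.com",
    "thenorthface": "thenorthface.com",
    "bathandbodyworks": "bathandbodyworks.com",
    "ikea": "ikea.com",
}

def hostname(value):
    """Lower-cased host from a URL or bare hostname (port and path dropped)."""
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def triage(value):
    """Return (host, reasons); an empty list means no indicator matched."""
    host = hostname(value)
    # An official domain, or a subdomain of one, is never flagged.
    if any(host == d or host.endswith("." + d) for d in BRANDS.values()):
        return host, []
    # Drop dots and hyphens so "the-north-face" still matches "thenorthface".
    flat = re.sub(r"[^a-z0-9]", "", host)
    tld = host.rsplit(".", 1)[-1]
    reasons = []
    if KEYWORD in flat:
        reasons.append("keyword:" + KEYWORD)
    if tld in SUSPECT_TLDS:
        reasons.append("tld:" + tld)
    reasons += ["brand:" + b for b in BRANDS if b in flat]
    return host, reasons

def flagged(urls, threshold=2):
    """Hosts matching at least `threshold` indicators; one alone is too noisy."""
    return [h for h, r in (triage(u) for u in urls) if len(r) >= threshold]

# Constructed sample URLs, e.g. as extracted from proxy or DNS logs.
SAMPLE = [
    "https://www.ikea.com/us/en/offers/",
    "http://ikea-blackfriday.shop/checkout",
    "https://the-north-face.blackfriday-deals.top/",
    "https://mountainbike-adventures.example/",
]
```

A single match is a weak signal: the constructed `mountainbike-adventures.example` host contains the letters “ikea” by accident, which is why `flagged` requires two indicators by default.
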

The surge in website traffic during the holiday season also presents serious challenges for retailers, making it more difficult to distinguish between genuine user activity and malicious intent. For instance, distributed denial-of-service (DDoS) attacks can easily blend with genuine traffic, complicating threat identification. Threat actors may launch DDoS attacks that limit and disrupt connectivity, causing interruptions and damaging reputations.

There has been a significant increase in credit card skimmers on online retail sites, particularly small and locally owned businesses. These malware threats exploit vulnerabilities in content management systems (CMS) and plugins, allowing cybercriminals to steal credit card information without the user’s knowledge. Last year, there was a rise in skimmers before the holiday season, with one notable campaign peaking in April 2023. Signs of compromised websites include outdated information, such as “Copyright 2022,” which should prompt users to avoid entering credit card details. Regular updates to CMS and plugins are essential to mitigate such security risks.

Furthermore, Chinese nationals were observed engaging in gift card fraud in the United States through a scheme known as gift card draining. This scheme involves activating stolen or fraudulently obtained gift cards to purchase electronics and luxury goods. According to Homeland Security Investigations (HSI), gift card draining affects retailers, harms the economy, and poses risks to national security. Although gift card fraud is not attributed to a single organization, Project Red Hook specifically targets Chinese organized crime due to the international nature of these crimes. This fraud undermines consumer confidence in the economy and funds the illicit activities of organized crime groups, including fentanyl production, illegal immigration, and human trafficking. Global losses from gift card fraud have reached hundreds of millions of dollars.

Cybercriminals use various tactics to steal gift card values, including advanced methods to tamper with gift cards and exploit online vulnerabilities. Their operations combine aspects of organized retail crime, victim-assisted fraud, and trade-based money laundering.

Common types of gift card fraud include:

  • Card tampering: Criminals alter packaging to steal information before the card is sold, draining funds once the card is loaded.
  • Online attacks: Criminals hack online gift card accounts to use or sell stolen information.
  • Victim-assisted fraud: Telemarketing groups trick individuals into buying gift cards and sharing codes, which are then sold to criminal organizations.

Warning signs of tampered gift cards include:

  • visible tears around the packaging
  • compromised pull tabs
  • mismatched branding
  • unusual PIN cover

If you suspect tampering, contact the customer support number on the back of the gift card.

Lastly, SMS text message phishing is pervasive during the holiday shopping season. These messages may reference online purchases, deliveries, or accounts and prompt the recipient to click on a link or disclose sensitive information. As shoppers may be expecting messages relating to purchases or online accounts used to make these purchases, users could be more likely to respond to and take action on these messages under the assumption they are legitimate. Additionally, text messages impersonating toll services may become more prevalent as traveling increases during the holidays. FedEx, UPS, USPS, Amazon, and toll services are some of the most impersonated organizations in these text message phishing schemes during the holiday season.

Recommendations

  • Avoid clicking on advertisements, social media links, promoted search results, or embedded URLs found in emails.
  • Confirm requests from senders via contact information obtained from verified and official sources.
  • Type official website URLs into browsers manually.
  • Only submit account credentials and payment information on official websites.
  • Follow the principle: “If it seems too good to be true, it likely is.”
  • Do not feel obligated to make decisions under pressure. Scammers create a sense of urgency to pressure you into making hasty decisions without proper analysis.
  • Use an advertisement and malicious content blocker that also protects against credit card skimming and other online threats.
  • Monitor your financial statements and report suspicious activity.
  • Use strong, unique passwords for all accounts and enable multi-factor authentication where available, choosing authentication apps or hardware tokens over SMS text-based codes.
  • Reduce your digital footprint to reduce the likelihood of becoming a target for malicious actors.
  • Review the NJCCIC product, Stay Cyber Safe During the Holidays, for additional attack techniques and recommendations.