In a 2016 report on internet cybercrime, the Federal Bureau of Investigation found that millions of people in the U.S. are victims of cybercrimes each year, with victim losses totaling $1.33 billion. CBS reports big organizations, such as governments and businesses, hold caches of individual information, which is useful for identity thieves.
While some cyberscams are impossible to avoid, cybersecurity experts advise that business owners and decision-makers get educated on the topic and take the necessary steps to protect sensitive information. By taking proper precautions, businesses of all sizes can help mitigate damages in the event of a cyberattack.
While there are endless cyberscams out there, here are the three types of attacks experts advise watching out for this holiday season:
1. Account takeover attacks
Anthony Khamsei, CEO and founder of Gold Security, said account takeovers pose a huge threat to businesses. These attacks occur when a cybercriminal exploits usernames and passwords stolen during a third-party data breach to break into a customer's account on another site.
"The fact that people tend to use the same account information across multiple sites makes this popular cyberscam very efficient. Once logged in, hackers have free rein to commit fraud," he added.
2. Phishing emails
Phishing is an avoidable type of cyberattack that lures victims into clicking an infected link, usually in the body of a disguised email or on a fake webpage. A general rule of thumb to follow is if it seems too good to be true, it probably is. If you don't recognize an email or something seems off, think twice before clicking a link or providing any personal information.
"The holidays are when phishing emails seem to make their way into inboxes with more frequency. Offers of big sales or discounts on holiday items and fake shipping statuses can fool even the savviest shoppers," said Bill Ho, CEO of Biscom, a company that offers cyber security solutions.
3. Fake invoices
Fake invoices for goods or services are also a common form of attack. In these instances, the attacker simply hopes the victim will assume the invoice is real and pay. When receiving any type of communication, particularly one about payments, always confirm that the message truly came from the source. Reach out directly to the company and ask questions.
"Scammers send invoices with a state insignia saying [you] owe [them] a fee for registering as a corporation or LLC. Other times, they send invoices for business listings, advertisements, web domain renewals or office supplies that weren't ordered," said John Swanciger, CEO of Manta.
How to protect your business
Stay vigilant. Phishing emails are challenging to avoid and require education, according to Khamsei, but staying vigilant is key. "If an email seems unexpected or unusual, leave it closed!"
Khamsei cautions that the holidays are a popular time for cybercriminals. Consumers shop more and are more preoccupied. They are less likely to catch things they may have otherwise noticed, and that goes for the office, too.
Be alert. Be equally suspicious of other communications, especially phone calls. For example, if an electric company calls and says your company's electric bill has not been paid and your power is going to be turned off, call the phone number you've used previously (or visit the company's website for the phone number) to verify. Scammers will go to great lengths to get your money.
Keep your technology updated. Entrepreneur advises updating it all: operating systems, browsers and system software. Keeping technology updated ensures you have the latest deterrents to keep cyberscammers at bay.
"The high severity updates that are pushed out by companies like Microsoft, Adobe, Apple – they are not pushing them out for fun. They are pushing them out because of malicious and strong vulnerability," said Warren Mercer, technical leader of threat intelligence group Cisco Talos, in an article by The National.