As I write these words, Black Friday (soup maker and a pair of Superdry vegan hi-tops, if you must know) and Cyber Monday are fast approaching. I mention this because, while cybercriminals don’t need an excuse to be cybercriming, the holiday season is correctly regarded as a prime-time threat.
Think about it: people are looking for bargains and stores are marketing them. Most of us are looking forward to some time off and winding down for just that. And delivery activity is ramping up, together with the number of missed parcel alerts. You’ve probably already started joining the threat dots here. Fraud shoots through the roof during such a time, especially when talking about an extended period from mid-November until the New Year.
The most immediate threat you think of is likely phishing, in all its guises. You aren’t wrong. However, if you connect phishing campaigns with shopping activity, the knee-jerk reflex is to think it’s a consumer-facing thing, and that’s far from the whole story. Experience tells me that while consumers are the most targeted at this time of the year, corporate campaigns can be far more costly to businesses and lucrative to criminals.
Specifically, those spear-phishing campaigns are aimed
