The holiday season is here, which means online shopping and activity is at its peak. The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) recently released the 2024 Holiday Season Cyber Threat Trends Report, detailing the threats the retail, hospitality and travel industries face during this time of year.
“For the retail, hospitality and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats,” says Luke Vander Linden, vice president of membership and marketing at RH-ISAC. “From the beginning of October through the end of December, cyberthreats to organizations expand in both scale and intensity to match the rise in consumer traffic.”
Experts in the fraud prevention space were asked a series of questions addressing the scope of threats facing these industries and defensive measures. Analysts name social engineering, account takeover (ATO), bots and fraud as primary threats to watch out for this holiday season. While it’s a priority to be vigilant about phishing and credential harvesting threats year-round, the report emphasizes identifying ATO tactics and monitoring gift card fraud tactics as essential areas to notice this time of year.
To combat these threats, analysts recommend businesses clearly understand the specific tactics used by fraudsters, work closely with customer service departments and make operational changes to get ahead of cybersecurity issues before they happen.
RH-ISAC predicts the most likely cybersecurity trends by looking at data from 2022 and 2023. In 2023, ransomware was found to be the most common threat during the holiday season. The occurrence of phishing decreased from 2022 to 2023, but still remains a significant threat. Email, phone and text message phishing will be important areas to monitor. For the 2024 holiday period, social engineering activity, like seasonal job scams, donation scams and fake charities are predicted to be rampant, as well as ransomware and Scattered Spider attacks.
The report also notes malicious holiday-themed apps and physical theft as a few other ways scammers will be active this season. To prepare your business for potential cyber attacks during the holidays this year, read the full report here.