Combating Phishing and Fraud this Holiday Season

29 November 2022

Brands already spend a notable amount of time and resources on loss prevention, and online loss prevention needs addressing too. Efforts to combat online theft, fraud and impersonation increase during peak times, in parallel with the increased turnover and demand that occur during this holiday season, for example.

Combating phishing at these times, too, becomes a major preoccupation, as it’s an activity that’s a precursor to many cyber incidents. The number of phishing-related events also rises when the business is busiest.

Therefore a notable amount of time and resources is spent on online loss prevention. These efforts increase during peak times, in parallel with the increase in fraud that occurs during the holiday season, for example. Combating phishing at these times is a major preoccupation, as it’s an activity that’s a precursor to many incidents, the number of which also rises when the business is busy.

But fraud on a larger scale, especially fraud that impinges on a brand’s good name, is altogether a different, more significant problem. Threat actors, be they individuals or organized gangs, impersonate well-known brands in every sector, causing financial losses for the duped customer and significant damage to the brand’s reputation. A common scenario is the appearance of duplicate retail sites that lure shoppers into parting with payment card details. At busy times – like this holiday season – they represent quick money for cybercriminals, thanks to the huge demand for goods at this time of the year.

In cybersecurity terms, phishing now threatens more than an individual unlucky enough to be parted from money for gifts that will never arrive. Fraud on a huge scale can be perpetrated after a single compromised account, and the larger the imitated retailer and associated brands, the worse the negative impacts.

Some statistics point out that of every 2,500 companies targeted by threat actors’ phishing attempts, some 20 are successfully breached, and one will fall prey to fraud.

In many cases, affected companies may not even be aware they are being defrauded. Entire spoof websites and mobile apps can continue their theft from seasonal shoppers by impersonating the brand and its assets, quite without reference to the originals.

Tracking down the effects of compromised systems (and shutting them down) is time-consuming, and it’s a body of work that usually falls to the cybersecurity teams of large companies. At any time of peak demand, like the public holidays nearly upon us, it’s easy for cybersecurity professionals to take their eyes off the ball – there’s enough going on to worry about.

One set of illicitly obtained credentials can open up a treasure trove of possibilities for criminal elements, whether they are from an internal employee or a single shopper. Every mode of communication, like email, Teams, Slack, SMS, and many more, represents an attack vector and a source of information. With so much information available to threat actors, phishing gets smarter and more believable, and comes with greater brand and monetary cost.

Protecting against phishing comes in two guises: protecting the individual customer of a bank or online store, for example, and protecting internal credentials that, when compromised, open up a brand’s resources. Brand protection, therefore, has to extend from the organization’s perimeter to areas where most cybersecurity professionals don’t have time to go.

These days end-to-end phishing detection and correction means more than ensuring individuals’ accounts have not been compromised. It means constantly scanning public pastebins, git repos, malware logs, and dubious online forums for any mention of illicit activity regarding a brand or organization.

Gathering cyber intelligence from across the internet and the dark web proactively extends “traditional” measures that protect the perimeter and a brand’s cloud assets. Instead of looking at the organization’s networks from outside (and trying to get in), today’s threat intelligence operators look outwards for signs that a company has been compromised. By tailoring the intelligence to the business’s attack surface, the cybersecurity team can focus on where its attention is required at the busiest times of the year.

In many cases, the methods by which the organization was compromised inform cyber protection measures or changes in work practices that will prevent a repeat or a similarly formed attack. The important aspect is to remain proactive, directing cybersecurity efforts according to intelligence and test results. Also critical is the ability to react and repair quickly. With the right intelligence in place, the TCO of the entire cybersecurity suite can be lowered, its effectiveness increased and its focus made clearer.

The most common cause of problems, according to Microsoft’s Digital Defense Report, 2022, is a lack of privilege controls and little monitoring of east-west traffic. That may or may not be a problem in your organization, but if it is, the news of that susceptibility (or any other chink in the armor) will spread fast.

Fraudulent activity is especially masked in times of heavy trading, be that year-end business flurries, public holiday events, or regular seasonal upticks. It’s then that Cyberint’s continuous monitoring of threat intelligence sources pays particular dividends to its users. Busy staff are more likely to click on dubious links, or interact on a chat platform with threat actors imitating known contacts.

Cyberint’s threat intelligence is a highly effective way to extend the cybersecurity function. Its remit extends out into where threat actors thrive and communicate: on the dark web, via secure channels and “marketplaces” where hacking is available as-a-service. In many instances, the build and testing of a phishing site by bad actors, for example, can be detected and proactive action taken to shut it down.

Critically, this is done independently by Cyberint’s systems and staff, as an additional layer of defensive capabilities that protect regardless of how busy internal teams may be.

Cyberint can locate and shut down fraudsters and brand impersonators in just a few hours, protecting the client company’s good name and its customers. Cyberint’s systems scan many billions of IP addresses a month, helping create a solution that significantly lowers the risk of losses, be they financial or in terms of a brand’s good reputation.

To learn more about Cyberint, reach out to the company and request a demo of the threat intelligence service that’s truly end-to-end.