The peak of the shopping season in many countries starts on Black Friday on 29th November and runs to the New Year sales. This five-week period is when most retailers offer discounted prices and promotions on millions of goods, and take a large percentage of their annual revenues through the tills.  

Black Friday and Cyber Monday (2nd December, the Monday following Thanksgiving in the US, which focuses on online sales) are also times of heightened cyber security risk for both retailers and shoppers. Criminals know that the best time to attempt to scam people is when they're busy, in a rush, distracted, a little stressed, and have their minds on other things.

Retailers at risk  

During the past year's festive season, cybercriminals tried several tactics to make a quick profit. This year, retailers may face Distributed Denial of Service (DDoS) attacks aimed at disrupting their online services, causing downtime and preventing consumers from making purchases via their websites. Criminals know that such attacks can result in significant financial losses and damage to the retailer's reputation, so they can use them to hold businesses to ransom.

Furthermore, the high volume of transactions provides more opportunities for cybercriminals to target retailers and consumers with data breaches. Retailers must ensure their systems are secure to protect customer data from being compromised. 

The increased demand can strain supply chains, making them more vulnerable to cyber-attacks. Threat actors might target suppliers or logistics companies to disrupt the delivery of goods to hundreds of different companies in one stroke. 

Best practices for retailers 

There are several steps that businesses can take to minimise risks: 

  • Implement robust security measures, such as two-step verification (2SV), also known as multi-factor authentication (MFA) 
  • Train employees to be cyber security aware and to recognise and respond to phishing attempts and other social engineering tactics
  • Conduct regular security audits and vulnerability assessments 
  • Ensure compliance with relevant data protection regulations such as the General Data Protection Regulation (GDPR) 
  • Create an incident response plan to quickly address any security breaches if they do occur 
  • Sign up for an incident response retainer as an extra safety net if the worst happens
  • Implement a managed detection and response (MDR) system, such as Quorum Cyber’s Clarity Defend, Clarity Extend, or Clarity Protect, to monitor, detect, and respond to any suspicious activity on company IT systems around the clock. 

Shoppers vulnerable to scams 

The UK’s National Cyber Security Centre (NCSC), part of the British government’s intelligence, security and cyber agency, reports that Brits lost over £11.5 million to online criminals from November 2023 to January 2024. The average age of a victim in the UK was 42, with 30-49-year-olds being most vulnerable.  

Cybercriminals are experts at exploiting the surge in online shopping at this busy time in the calendar, using phishing scams, fake websites, mobile apps, and other fraudulent tactics. They may send out emails or set up websites that mimic legitimate retailers to steal personal information and payment details. These fake sites can be very convincing, making it difficult for consumers to differentiate them from real ones. 

Shoppers are more likely to encounter phishing emails and social media messages that contain malicious links or attachments. These messages often appear to be from trusted retailers offering exclusive deals – and they usually try to create a sense of urgency by claiming the deal is about to expire.

By being aware of these cyber security risks and taking proactive measures, both consumers and retailers can better protect themselves during the coming festive shopping period. 

Contact us to secure your business  

Learn more about how Quorum Cyber protects the retail sector. If you would like to discuss any security measures to protect your assets, your data, and your customers, please get in touch.   

 


Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
