In years gone by, Boxing Day was a mad rush to physical stores where there was a set time to grab a bargain. 2020 was different as more people were unable to visit stores and Boxing Day sales moved online.

This gave consumers more time to prepare, plan, research and take advantage of multiple sales at the same time, but it also allowed cybercriminals to prepare, plan, research and scam, according to KnowBe4 security awareness advocate, Jacqueline Jayne.

“As we spent more money online, they scammed more money online. The exact amount stolen from consumers by cybercriminals (scammers) is unknown, however, based on reported data it is in the billions,” she said.

“This year, Boxing Day sales will be a hybrid event with those who can, lining up at the shop ready for the doors to open and for the rest of us, we will have multiple tabs open with ‘add to cart’ at the ready to grab a bargain.”

Many retailers are thrilled to just be in business after the last 18 months and are probably not cyber ready for the holiday season, according to Jayne.

“Credit card data is a form of currency for cyber criminals and retailers have a lot of it. POS (point of sale) systems are a point of attack to obtain credit card details and personal identification numbers (PINs),” she said.

“In these instances, malware (malicious software) is installed on the POS which will record everything. Most malware will find its way onto a POS via email where an employee unintentionally engages with a phishing email (malicious email) that results in the deployment of the malware.

“There’s also ransomware, another form of malware, and as the name suggests, once this malicious software has been deployed, systems are shut down and a ransom is demanded. Once again, ransomware finds its way into networks by human error via engaging with a phishing email.”

Should a retailer become the victim of a successful cyberattack, they face loss of reputation, financial impact, brand damage, loss of trust and even having to close the doors, so Jayne has shared her top six tips for retailers to prepare.

  1. Patch your software and check that your networks are protected from vulnerabilities.
  2. Take your employees through security awareness training to avoid falling for scams and social engineering attacks in both their personal and professional lives.
  3. Make sure all your employees know what to expect in relation to paying invoices or transferring money. If they don’t understand what a Business Email Compromise (BEC) is, the chance of them falling for one is very high.
  4. Educate your customers on what to look out for to avoid being scammed. Have a page on your website dedicated to communicating with customers on any reported scams.
  5. Use social media to keep customers up to date with scams; it can also be used as a platform to educate them on staying safe online.
  6. Educate customers who come into your physical stores on staying safe online and shopping safely.