Even before chestnuts were roasting on an open fire, cybercriminals were planning their holiday season of theft and mayhem—and those not heeding best practices could become victims of malicious actors.
FortiGuard Labs’ monitoring of the darknet in the months leading up to the holidays uncovered a series of new tactics and offered solution providers and their customers advice to heed to avoid getting sucked in.
“Tools and services now available on the darknet empower attackers to target e-commerce platforms and unsuspecting shoppers more effectively than ever,” writes FortiGuard Labs. “This year, threat actors are leveraging cutting-edge techniques, including AI-powered phishing lures, sophisticated website cloning tools, and remote code execution (RCE) exploits (vulnerabilities that allow malicious code on a remote computer) to gain unauthorized access to shopping platforms.”
In its Threat Intelligence Report for the 2024-25 holiday season, FortiGuard Labs – Fortinet's threat investigation unit – said it detected a series of new tools and tactics being shopped on the darknet this year. Among them:
- Gift cards, credit/debit card information, POS data, admin access to e-commerce sites;
- New phishing and spam services;
- Website cloning to trick unwitting users into providing personal or financial information;
- More sophisticated phishing emails are now developed and written by artificial intelligence-based apps.
Just the raw amount of stolen personal and financial data—including credit card and debit card information—is enough to raise concern. The threat report indicates that “combo lists,” which are “massive compilations of leaked usernames and passwords” often taken from previous data breaches and now packaged into big, neat holiday cyberthreat packages, are now being widely used.
For solution providers, this provides yet another discussion opportunity with customers - and maybe even family members - on the importance of following recommended practices. These include double-checking URLs before clicking, avoiding public Wi-Fi networks for financial transactions or sending personal or business information, and implementing up-to-date fraud protection tools in a network.
That also means reinforcing the common-sense steps individuals, businesses and solution providers should take to keep protected during peak fraud or cybercrime seasons.
“...(B)usinesses must take a proactive stance on cybersecurity while consumers must stay informed and cautious about the threats lurking online,” warns FortiGuard Labs.
‘Tis the season for sharing, but make sure the gifts you’re giving out aren’t information you want to keep private.