According to statistics company Statista, the annual share of organizations affected by ransomware attacks is nearly three-quarters (72.7%). That’s up only slightly from last year’s 71%, but is a significant 31% increase when compared to just five years earlier.
What’s also interesting is comparing the percentage of organizations impacted against the number of annual ransomware attempts globally. In 2022, there was a material drop in the overall number of attacks, and yet, referring back to the graph in the blog post, the percentage of organizations affected actually rose.
If increases in cyber attacks this year are any indication of what to expect in the next six weeks of holiday shopping, we should expect a massive uptick in holiday-related scams.
The National Retail Foundation expects this year’s holiday shopping to bring 4% more spending than last year. This is a slight year-over-year decrease (last year saw a 5.4% increase over 2021), but it still indicates an increase in spending.
And all that spending means lots of time spent online, checking emails, looking for packages that haven’t arrived yet, and charitable opportunities for those in the giving spirit — just what cyber scammers are planning on taking advantage of.
Whether we’re talking about specific notable holiday dates like Black Friday, Cyber Monday and Giving Tuesday, or simply realizing that these days reflect more of the general spending and giving mood this time of year, the opportunities for cyber scams will once again abound.
Some of the general themes to warn your users against:
- Holiday specials (that are too good to be true)
- Shipping issues with one of “your” packages
- Fake invoices or notifications for purchases you actually never made
- Heavily discounted gift cards (see “Holiday Specials” above)
- Fake charity websites and emails seeking your donations
In all these scams, the first step is to check to see if the brand claimed within the email or website (e.g., Amazon, UPS, Apple, etc.) is legitimate by looking at the sender address in emails and the URL of any involved websites.
Second, you can further put a potential scam to the test by going to the known-good domain for the claimed brand and validating the claim made in the scam (e.g., visiting Amazon’s official website and looking at your orders to see if that invoice for a $3500 105″ TV is really a purchase on your account).
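The sender-address and URL check from the two steps above can be automated for reported emails. The following is an added example, not code from the original post; the `KNOWN_GOOD` allow-list, the function names and the sample message (which uses reserved `.example` domains) are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list: brand -> domains your organization has verified as official.
KNOWN_GOOD = {
    "amazon": {"amazon.com"},
    "ups": {"ups.com"},
    "apple": {"apple.com"},
}

def _host_matches(host, domains):
    """True only if host is a known-good domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_brand_claim(brand, from_header, body):
    """Return findings for a message claiming `brand`; an empty list means no mismatch."""
    domains = KNOWN_GOOD.get(brand.lower())
    if not domains:
        return [f"no known-good domains on file for {brand!r}"]
    findings = []
    # Use the actual address, not the display name, which the sender controls.
    _, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    if not _host_matches(sender_host, domains):
        findings.append(f"sender domain {sender_host!r} is not a known {brand} domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        # urlsplit().hostname ignores any "user@" prefix and returns the real host.
        host = urlsplit(url).hostname or ""
        if not _host_matches(host, domains):
            findings.append(f"link host {host!r} is not a known {brand} domain")
    return findings

# Constructed sample: the brand name appears in the display name and as a subdomain label.
SAMPLE_FROM = "Amazon Orders <order-update@amazon.com.billing-check.example>"
SAMPLE_BODY = (
    "Your invoice for a $3500 TV is attached. Review it at "
    "https://www.amazon.com/your-orders or dispute at "
    "https://amazon.com.billing-check.example/dispute"
)

if __name__ == "__main__":
    for finding in check_brand_claim("Amazon", SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

A clean result only means the domains match the allow-list; the claim itself still needs to be validated on the brand's known-good site, as the second step describes.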
There will no doubt be plenty of other scam themes I haven’t listed above; the important thing is to remain vigilant and err on the side of caution, treating any exceptionally good or bad news related to the holiday season as a scam first until proven to be legitimate.
CISA urges water facilities to secure their Unitronics PLCs
News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs.