The holiday season has long been a time for glad tidings and cheer. Unfortunately, fraud also notoriously skyrockets this time of year, and we see it time and time again where fraudsters capitalize on this increase in online activity Researchers have observed that attempted ransomware attacks are 70% higher in November and December compared to January and February. Let’s take a look at some holiday fraud trends, as well as ways to prevent fraud.
Phishing
Phishing attacks occur when a fraudster sends out deceptive messages, typically via email or SMS, that may seem legitimate. When consumers fall victim to a phishing scam, threat actors often steal information such as banking or credit card details or infect their device with malware. The fraudsters use this tactic to monetize stolen data by selling it on the dark web to other criminals.
Although phishing is typically executed through email and SMS, a new form of phishing has gained prominence in 2023 called gift card scams. While there are various types of gift card scams, the most common involves fraudsters requesting that their victims make payments over the phone, via text, or through social media messages for things such as taxes, bail money, debt collection, and even prize collection. Phishing has become a popular form of fraud for a reason. The bad actor will go to great lengths to impersonate someone seemingly legitimate to their victim such as a parent, romantic interest, or even a government official.
Promotion abuse
Businesses offer promotions to boost sales, increase revenue, and enhance brand awareness. The abuse of promotion occurs when consumers create multiple accounts to take advantage of discount codes, rewards, sales, and other types of promotions. The impact of promotion abuse is costly. Retailers lose $89B annually to return policy and promotions abuse and more than half of retailers see policy abuse increase during the holiday season. There are essentially three types of promotion abuse:
- Sign-up promo: Creating new accounts to obtain one-time discounts and free trials each time to save on purchases.
- Discount code: Repeatedly using one-time discount codes under different email addresses or phone numbers.
- Referral bonus: Submitting email addresses and referring themselves instead of friends to receive discounts.
Data breach
A data breach is an intentional security incident that exposes sensitive, confidential information to unauthorized third parties. Financial gain is the key driver for fraudsters to carry out breached data attacks, where they’re able to steal sensitive information such as social security numbers and sell them on the dark web or to other fraudsters for as little as $4. Breach events tend to be one of the most extensive ways to steal sensitive information, especially when another company experiences a breach event. If users reused their credentials on other sites, fraudsters then leverage that breached information to access other accounts. Fraudsters use breaches as a tactic to pull off nefarious acts, leveraging the high volume of data traffic exchanged during the holiday season. Some stats to keep in mind as you do your holiday shopping:
- Christmas and Thanksgiving experience significantly higher breach rates, soaring to 187% and 140% above the average, respectively. This may be due to the high amounts of new accounts created to easily shop, causing password recycling.
- 80% of confirmed breaches are related to stolen, weak, or reused passwords. And once a consumer’s personally identifiable information (PII) is breached, it’s like Black Friday for fraudsters as they can obtain the keys to customer accounts—prompting big spikes in account takeovers (ATO). of confirmed breaches are related to stolen, weak, or reused passwords. And once a consumer’s personally identifiable information (PII) is breached, it’s like Black Friday for fraudsters as they can obtain the keys to customer accounts—prompting big spikes in account takeovers (ATO).
Ways to protect your business against a fraudulent holiday season
- Implement fraud prevention tools in your tech stack. Breached Data, an add-on to Telesign Phone ID, confirms if and when critical PII, such as phone numbers, usernames, passwords, and more were compromised in a recent data breach. Layer Breached Data into your existing account integrity workflows to protect customer accounts against ATO. Prevent users from creating multiple fake accounts and deter promotion abuse with Phone ID and Intelligence
,by incorporating risk scoring and phone checks. If friction is your concern, then worry not. Telesign Silent Verification helps you complete MFA workflows without having your customer take any action. - Enable MFA authentication. Enabling multi-factor authentication (MFA) provides an additional layer of security beyond just a username and password. According to the Telesign Trust Index, 94% of consumers agree that businesses bear the responsibility for protecting their digital privacy. Defending customer data and verifying identity before any sign-in or payment transaction is a necessity for a safe, trusted online experience. Verify new accounts with SMS and voice one-time passcodes (OTPs).
- Deliver a frictionless authentication experience. Verification ensures that all users are legitimate by attaching a verified phone number to end-user accounts. The user’s identity can be confirmed whenever they access their account from a new browser or device. This keeps a company’s platform safe from all types of fraud attacks. With Telesign Silent Verify, you can stay a step ahead of phishing attempts. Without OTPs and knowledge-based questions, there’s nothing for bad actors to steal.
- Encourage your users to get creative with passwords. Strengthen your passwords on social media accounts, personal banking, and any other accounts online that hold sensitive information. Reduce the likelihood of hackers gaining access to PII that leaves consumer accounts vulnerable to takeover, with ATO protection. Use a credit card to purchase items online, as it can protect you from a fraudulent purchase better than a debit card. Many credit card companies offer purchase protection, which can cover the cost of damaged or stolen items purchased with the card.
Taking a few preventive measures to protect your business and your customers from fraud and identity theft will ensure you spend the holidays welcoming the glad tidings that this time brings—instead of becoming a victim of fraud. Use the holiday season to rest, recharge, and welcome the new year. From all of us at Telesign—we wish you a happy, safe, and secure holiday season.
