Holiday shopping often brings increased risk, and organizations aren’t exempt. Whether purchasing supplies for a holiday party or gifts for staff, organizations have to keep a watchful eye on their spending. Security leaders should ensure their organizations are fully aware of the current threats.

According to a recent Malwarebytes report, credit card skimming is on the rise. The report details a specific credit card skimming operation, the Kritec campaign, which has compromised hundreds of websites and specializes in crafting very realistic payment templates with convincing language localization.

Since September, threat researchers have tracked a 50% month-over-month increase in the U.S. in newly registered domains attributed to Kritec, demonstrating a huge uptick in both compromised sites and opportunities for innocent shoppers to fall victim.

Another risk to shoppers this holiday season is malvertising: online ads that deliver scams or install malware. This type of fraud is on the rise in both the volume of malicious ads and the sophistication behind them. Over the past two months, researchers have tracked a 42% month-over-month increase in malvertising incidents in the U.S. Recent research reveals malicious campaigns carried out in online ads via Google searches, some impersonating big-name brands and scams targeting online tech support for Windows users.

Tips for protecting sensitive payment information

  • Avoid clicking on sponsored ads: Conduct a direct search for the retailer of choice to avoid falling prey to prevalent malvertising tactics, which have been known to spoof even huge, reputable brands such as Amazon.
  • Check that copyright: Avoid inputting any payment information into websites that don't look like they've been maintained for a while. Red flags include outdated visuals and old copyright stamps.
  • Consider a password manager and MFA: With every site requiring a password these days, leverage a password manager to protect payment information and set up multi-factor authentication where available.
  • Keep an eye on financial statements: An uptick in online shopping deserves an uptick in vigilance for checking online bank and credit card statements. Flag anything that seems suspicious for quick resolution.
  • Run an antivirus solution: Most antivirus products offer some kind of web protection that detects malicious domains and IP addresses.