December 19, 2024

Holiday Cyberattacks: Is Your Helpdesk Prepared?

by
Nametag Team
press@nametag.co

Get in touch with our PR team.

Download media kit

Logos and graphics to help you cover Nametag.

Nametag console showing a successful verification result

Enable Self-Service Account Recovery

Nametag sends MFA and password resets to self-service while protecting your helpdesk against social engineering.

Learn how

The holidays should be a time to relax with friends and family. But the season looks different for the nearly 3 million people who work in customer support and the millions more that work at IT help desks. A blizzard of cyberattacks is here, even as support and IT teams are more under-staffed than ever. This holiday season, give the gift of support to your support teams.

“Crooks prepare all year for the holiday shopping season, taking advantage of increased activity and consumers who let their guard down searching for the perfect gift” – Paul Fabara, Chief Risk Officer, Visa

A Blizzard of Breaches and Ransomware

The holidays are a terrible time to mount a response to a ransomware attack—which is exactly why hackers love this time of year. After numerous high-profile ransomware attacks and breaches on organizations this year, ranging from Planned Parenthood to Dell and Ticketmaster, and a U.S. Department of Health sector alert on social engineering attacks against IT helpdesks, all indications are that we’re in for a blizzard of ransomware attacks this winter.

Retail data breaches are showing an increase of 18% year over year, and it’s not hard to see why there’s an uptick during the holidays: website traffic is higher, payment processors are busier, and customer data is more plentiful during high sales periods. Increased web traffic and overworked IT staff will be less likely to spot fraud or go through the necessary security checks. 

During last year’s holiday season, Amazon faced a surge in phishing attacks designed to scam Prime customers via email attachment and Prime membership scams. One tactic involved criminals, posing as Amazon customer service representatives, who sent emails to customers that warned their accounts were at risk of suspension unless they clicked on a link created by the threat actor.

“The bad thing isn't opening the attachment, it's clicking on the link in the attachment, which goes straight to their website, where they start collecting all kinds of information,” Scott Knapp, director of worldwide buyer risk prevention, Amazon

Ransomware is frequently mistaken to be a problem of encryption. In reality, ransomware attacks are often enabled through social engineering techniques. A 10-minute phone call was all it took to shut down MGM Resorts, costing the casino giant $100 million.

When Santa Brings a New iPhone, the Grinch Brings Social Engineering

Think about all of your employees who will be receiving new phones as gifts this year. If you allow Bring Your Own Device (BYOD), they’ll need to re-provision their new phone as their new MFA device. That means contacting your help desk, where agents need to verify that the person requesting an MFA reset is actually an employee.

70% of cybersecurity professionals admitted they’ve been intoxicated while responding to a ransomware attack on the weekends or holidays, according to Cybereason. This is not surprising given how stressful the job is, with four in five cybersecurity professionals reporting burnout. What’s harder than figuring out whether the person calling your help desk is trying to socially engineer you? Trying to figure it out while you’re drunk. 

A survey of 1,206 cybersecurity professionals by Cybereason paints a bleak picture of ransomware responses during the holiday season: 

  • 60% of respondents reported longer periods to assess the scope of the situation
  • 50% said it required more time to mount an effective response
  • 33% said it resulted in a significantly longer time to fully recover

Ho-Ho-H-Oh No, Customer Support Teams are Not Prepared

A recent Norton report finds that 48% of US holiday shoppers have been targeted by a scam while holiday shopping online and 53% are worried about shopping scams during Black Friday and Cyber Monday. Consumers are more vulnerable to these attacks during the holidays because when we’re tired and busy, our brains are less likely to spot the typos and other signs in an email that looks like it’s from our favorite retailer or our boss.

But what about your workers?

89% of Americans say the holidays cause them stress. And the holiday season can be extra hard for people already suffering from depression or loneliness.

Trade groups are estimating that the 2024 holiday season will hit a new record in consumer spending. But with it comes even more pressure on your customer support center.

Support representatives are overwhelmed by a wave of customers who are locked out of their accounts at the worst time of year, desperate to finish their holiday shopping. Every password reset can take between 2 and 30 minutes to resolve, adding an enormous amount of frustration for everyone involved.

According to TCN Inc, 73% of customers will leave a brand after one bad experience. It makes sense: after spending 10 or 20 minutes trying to get into your account, wouldn’t you just go somewhere else to buy instead?

‘Tis the Season to Defend the Helpdesk

Customer support reps and IT helpdesk agents aren’t social psychologists, nor should they have to be. Even if an individual agent has been reading up on social engineering, you can’t expect them to spot attacks in real time.

Thankfully, organizations can equip their agents with easy-to-use identity verification (IDV) tools. These solutions stop social engineering and prevent ransomware attacks by verifying people quickly and securely when they contact the helpdesk. Surrounding helpdesks with this “IDV armor” protects users by securing high-risk moments like password resets, MFA device re-provisioning, and account lockouts. The most advanced IDV systems  take a “swiss cheese” approach that combines cryptography, biometrics, machine learning and AI. With these solutions, organizations can achieve:

  • ‍Increased security: Immediately protect against emerging threats like generative AI-powered social engineering and deepfake-wielding imposters.
  • Reduced costs: Resolve more support tickets more quickly by reducing user verification from minutes to seconds, boosting agent efficiency.
  • Improved experiences: Help customers and employees get back into their accounts more quickly, without having to ask annoying security questions.

As cyber threats grow more sophisticated, it’s imperative that organizations take the necessary steps to protect themselves and their customers, during the holidays and all year round.

Secure your helpdesk against social engineering and impersonators.
Learn more about Nametag
Right Arrow Blue
We use cookies to provide, improve, and promote our services. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. Visit our Privacy Policy to learn more.
Decline
Accept All Cookies