Holiday Cyberattacks 2023: Are You Prepared?

by Nametag Team

The holidays should be a time to relax with friends and family. But the season looks different for the nearly 3 million people who work in customer support and the millions more who work at IT help desks. A blizzard of cyberattacks is here, even as support and IT teams are more understaffed than ever. This holiday season, give the gift of support to your support teams.

“Crooks prepare all year for the holiday shopping season, taking advantage of increased activity and consumers who let their guard down searching for the perfect gift” – Paul Fabara, Chief Risk Officer, Visa.

A Blizzard of Breaches and Ransomware

The holidays are a terrible time to mount a response to a ransomware attack—which is exactly why hackers love this time of year. After months of high-profile ransomware attacks and breaches, all indications are that we’re in for a blizzard of ransomware attacks this winter.

Cybersecurity firm Darktrace observed a 30% increase in ransomware attacks during the holidays, and a 70% increase during the months of November and December. In November 2023 alone, IT Governance reported 470 publicly-disclosed data breaches impacting over 519 million records.

In their report, Darktrace pointed out that ransomware is frequently mistaken for a problem of encryption. In reality, ransomware attacks are most frequently enabled through social engineering techniques. A 10-minute phone call was all it took to shut down MGM Resorts, resulting in $110 million in costs.

It’s no surprise that this year, Visa is specifically warning consumers and businesses to be on the lookout for social engineering fraud, OTP bypassing, and provisioning of false devices. All of these are techniques that hackers like Scattered Spider use to gain access to company networks, harvest data, and then deploy ransomware like ALPHV/BlackCat.

When Santa Brings A New Phone, the Grinch Brings Social Engineering

Think about all of your employees who will be receiving new phones as gifts this year. If you allow Bring Your Own Device (BYOD), they’ll need to re-provision their new phone as their new MFA device. That means contacting your help desk, where agents need to verify that the person requesting an MFA reset is actually an employee.

70% of cybersecurity professionals admitted they’ve been intoxicated while responding to a ransomware attack on the weekends or holidays, according to Cybereason.

What’s harder than figuring out whether the person calling your help desk is trying to socially engineer you? Trying to figure it out while you’re drunk. 

1 in 15 verification attempts (6%) are someone pretending to be someone else. All it takes is one to breach your system, leak data, and initiate a ransomware attack.

A survey of 1,206 cybersecurity professionals by Cybereason paints a bleak picture of ransomware responses during the holiday season: 

  • 60% of respondents reported longer periods to assess the scope of the situation
  • 50% said it required more time to mount an effective response
  • 33% said it resulted in a significantly longer period of time to fully recover

Ho-Ho-H-Oh No, Customer Support Teams are Not Prepared

In their excellent article for MakeUseOf, Damir Mujezinovic points out that it’s easy to see why the average person might fall for a phishing attack this time of year. When we’re tired and busy trying to plan our holidays, our brains are less likely to spot the typos and other signs in an email that looks like it’s from our favorite retailer or our boss. Even CNBC ran an article in November warning people to be on the lookout for fraud and scams.

But what about your workers?


88% of workers say that the holidays are the most stressful time of year. And the holiday season can be extra hard for people already suffering from depression or loneliness.

Trade groups are estimating that the 2023 holiday season will see a return to pre-pandemic spending. But with it comes even more pressure on your customer support center.

70% of respondents to a Cybereason survey admitted they’ve been intoxicated while responding to a ransomware attack on the weekends or holidays.

Support representatives are overwhelmed by a wave of customers who are locked out of their accounts at the worst time of year, desperate to finish their holiday shopping. Every password reset can take between 2 and 30 minutes to resolve, adding an enormous amount of frustration for everyone involved.

According to Forrester, 63% of customers will leave a brand after one bad experience. It makes sense: after spending 10 or 20 minutes trying to get into your account, wouldn’t you just go somewhere else to buy instead?

Most Verification Methods Fa-la-l-all Short

IT agents and customer support representatives have to verify people when they contact the service desk or help center. But most authentication methods are insecure and slow. They’re extremely vulnerable to phishing, credential stuffing, SIM swaps, device spoofing, and other attacks. They’re also vulnerable to new and emerging attack vectors like social engineering, deepfakes, and generative AI.

  • Knowledge-based authentication (KBA) verifies a piece of information, not a person.
  • Traditional multi-factor authentication (MFA) verifies a phone number or email, not a person.
  • Device-based authenticators verify a device, not the person behind the device.

For the help desk, the newest method of authentication is visual verification. It’s becoming more and more common after Okta’s CSO specifically recommended adding a visual verification step at the help desk for privileged users. The problem is that most companies do visual verification through a video call, which is extremely time-consuming and costly.

‘Tis the Season to Defend the Help Desk

Customer support reps and IT help desk agents aren’t social psychologists, nor should they have to be. Even if an individual agent has been reading up on social engineering, you can’t expect them to spot attacks in real time.

Enter Nametag: the perfect tool to defend your support center and help desk against the blizzard of fraud and cyberattacks that’s already on your doorstep.

Our identity verification console stops social engineering and prevents ransomware attacks by verifying people quickly and securely during high-risk moments like password resets, MFA device re-provisioning, lockouts, access grants, and more.

  • Increase security: Immediately protect yourself against current and emerging threats with a powerful security layer that sets up in minutes.
  • Reduce costs: Resolve more support tickets more quickly by eliminating a major cost-driver at the help desk.
  • Improve experiences: Help customers and employees get back into their accounts more quickly with less headache.

Nametag is so easy to use, you can get started yourself in under 5 minutes. Try it out!
