Users and organizations should be prepared for a surge in phishing attacks over the next several weeks, as attackers take advantage of the holiday shopping season, according to a new report from Zimperium.
The report notes that mobile phishing attacks increase fourfold during the holiday season. Many of these attacks impersonate well-known brands and online retailers, such as Amazon and eBay.
“Phishing campaigns during the holiday season don’t just target online stores — they systematically exploit the entire consumer supply chain,” the researchers write. “Attackers broaden their focus beyond retail brands to include payment processors, digital wallets, and shipping services, creating a seamless illusion of legitimacy that follows users from purchase to delivery.
“By impersonating trusted intermediaries such as payment gateways or logistics providers, adversaries can intercept credentials, payment information, or delivery confirmations at multiple points in the transaction flow. This multi-stage approach makes detection by users more difficult and significantly increases success rates, as users expect and trust messages from these services during peak shopping months.”
These attacks don’t just affect consumers; they can also serve as a stepping stone into their employers’ systems.
“For enterprises, these same phishing and smishing campaigns often double as initial access points into corporate systems,” Zimperium says. “Employees receiving brand-related or shipment messages on BYOD or COPE (corporate-owned, personally-enabled) devices can inadvertently expose single sign-on credentials or install mobile malware that bridges personal and corporate environments.
“These mobile threats extend beyond individual compromise; they create direct pathways into enterprise networks. Logistics and vendor impersonation phishing can also be weaponized to compromise mobile-based supply chain communications, leading to financial fraud or data exfiltration.”
TechNadu has the story.
