Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Give Yourself the Gift of Secure Holiday E-Commerce

Automating your defenses can bring good tidings of great joy.

6 Min Read
A red robot dressed in a Santa hat leans on a wrapped present and smiles
Source: DM7 via Alamy Stock Photo

CRON rest ye merry user base; let nothing you dismay!
Remember that the spam filter still works on Christmas Day!
To save us all from scammers' pow'r when we're still on vacay.
O tidings of comfort and joy.
Comfort and joy!
O tidings of comfort and joy.

It's the holiday season, and even the most naughty cybersecurity engineer deserves a little break! Yes, even you, little Timmy. I know you work in the retail sector and this is your busiest time of year, but there are ways to maximize your chances of a happy, peaceful holiday with friends and/or family.

What is this magical methodology that mutes malicious madmen? I'm glad you asked! Please sing this with me, to the tune of Handel's "Hallelujah Chorus."


That's right: If you want to tip the scales in your favor this holiday season, you have to let the good bots fight the evil bots. No, we're not talking about the evil robot Santa from "Futurama." We're talking about practical cybersecurity preparations that might just save the holidays!

Making Sure New Accounts Are on the Good List

Anyone who isn't in B2B is likely to experience an uptick in new account creation during the holiday season. Whether it's because people want to order something from your website or because they simply have more time on their hands during the holidays, new sign-ups aren't exactly uncommon. There will also be people taking advantage of New Year's sales, spending last year's departmental budget while they still can, and registering the warranties on gifted products.

Sadly, that means this time of year is also perfect for anyone creating illicit accounts if they want to be lost in the shuffle. Why is that? Because the sheer volume of new account creation prohibits manually checking each one, at least in medium to large enterprises that experience high volumes around this time.

That's why many naughty little bots pick the holiday season to create a massive number of accounts. They might not do anything with them, at least not for a while. But you don't want all of these accounts sitting around and maturing if it means they can be used in a variety of other attacks down the line.

So before you clock out for the last time in December, make sure your automated account validation services are running properly! Lack of diligence now can burn you in the months to come. Run some tests, make sure that bots are being caught when they make a new account, and double-check the associated logging and reporting functions. If you need help with this, fake account creation detection, alerts, and reporting tools can keep you covered until you get back into the office.

Keeping Inventory Numbers Accurate for Santa

Your little elves have been working hard to build up an inventory that will survive the holiday rush. It would be a shame if a mean-spirited competitor or hacker invalidated all of their efforts by messing with your system.

But that's exactly what can happen, and the holidays are the perfect time to execute such an attack. With online carts and real-life fulfillment centers already seeing a ton of action, all it takes is one bad actor with a botnet to ruin the holiday season for a whole lot of people.

The way a botnet can mess with your inventory is via a stockout, also called a denial-of-inventory attack. Fraudulent orders are put on the books to reserve products, only to have the orders canceled after the holiday rush is over. Alternatively, the cancellations and reorders can come in waves, only to end with mass cancellations.

These days, stockout detection is vital. Even in a service-based industry, bots creating meetings or appointments that waste the sales team's time can be an absolute nightmare. Make sure that the automation is up and running, and test it before you leave for the holidays.

Putting Coal in Ad Fraudsters' Stockings

If you're like most companies, December and January distribute the lion's share of your ad budget. Throwing your hat into the ring for the holiday season is critical to many businesses and can significantly impact how the next 12 months go.

But certain Grinches out there will use your increased ad spend as an opportunity to steal everything they can. Much like the new account fraud crowd, these thieves are hoping that increased legitimate activity will provide cover for their more nefarious activities during the holiday season.

Fake impressions pushed out by the millions can rapidly burn through your holiday ad budget, leaving you running on empty, out of leads and sales. Meanwhile, the metrics of your ad campaigns look great, giving you false positives without producing real results. It's a double betrayal: You've been robbed and you don't even know whether your ads would have been effective under normal circumstances.

The holiday season is ripe for programmatic ad fraud. If you don't have an antifraud system that covers this aspect of your business, you'll want to rectify that as quickly as possible.

Other Tips Before You Close Up Shop

The week prior to closing up for the holidays, you should run an analysis of seasonal false positives from holidays past. If you know that you're going to get hit with false positives, make sure that you have a decent idea of what those impressions look like. If you can create more accurate filtering that will catch the bad guys but allow you to sleep in on Boxing Day, you should put that work in before you take off for the year.

Lead generation fraud isn't limited to traditional ad campaigns. Social media click fraud is rampant this time of year. Make sure that your automation covers all of your social profiles, including business profiles such as LinkedIn; otherwise, reputational damage might set in before the social team returns after the holidays.

One thing people tend to forget is smart building access control. Targeting people who are on vacation with everything from biometric access fraud to impersonation attacks is common during the holiday season. With so many people on vacation, physical security is naturally more lax. So make sure to contact your smart building security provider and optimize your building's settings for the end of the year.

The Gift of Automation

Cybersecurity is typically the last thing on the minds of most people who are rushing out of the office at the end of the year — sometimes including even cybersecurity professionals! Automation is the answer. It's a great stress reducer because you can set up automated defenses once and permanently enjoy increased security. And everyone needs that, particularly during this time of the year.

So relax. Enjoy the tree, the lights, the music, and the people who surround you, secure in the knowledge that somewhere out there, a good little bot is looking out for you.

Happy holidays!

About the Author(s)

Jonathan Care, Contributing Writer

Jonathan Care is a recognised expert in the field of Cybersecurity & Fraud Detection. A former top-rated Gartner analyst, Care was responsible for defining the Fraud market, and leading Gartner’s Insider Threat and Risk research. He regularly advises cybersecurity industry leaders on strategic growth and has worked with key figures in industry and government across the globe. He is a lead contributor for Dark Reading, an industry-defining publication.

Care has testified in court as an expert witness and forensic investigator and is a Fellow of the British Computer Society. He also fuels his creative passion as a composer of film/TV music.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights