Federal authorities warn of increased cyber targeting during upcoming holiday season

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of a spike in cyber scams targeted at U.S. consumers during the holiday season.

The agency, which saw a major leadership shake-up over the past week, published tips to help U.S. consumers avoid the scams, which historically increase during the holiday season. It is expected to worsen this year with more online shopping due to the COVID-19 pandemic. 

“Americans are adjusting their travel and shopping habits for a holiday season that’s sure to be unlike anything we have experienced,” acting CISA Director Brandon Wales said in a statement. “Hackers, scammers and thieves will take advantage of these changes and the generosity of the public during the holidays to target online shoppers and those giving to charities.”

Wales, who previously served as executive director of CISA, took over as acting director of the agency last week after President Trump fired former CISA Director Christopher Krebs. Former CISA Deputy Director Matthew Travis stepped down following pressure from the White House.

Wales pointed to several key tips to help U.S. shoppers combat cyber threats that include ensuring the devices used to make purchases have strong, multifactor authentications, checking privacy policies on websites purchases are being made from, not using public Wi-Fi to make purchases, and ensuring the website is legitimate. 

“While millions of Americans will be online looking for the best gifts and Cyber Monday deals, hackers will be looking to take advantage of unsuspecting shoppers by searching for weaknesses in their devices or internet connections or attempting to extract personal and financial information through fake websites or charities,” CISA warned on its website Tuesday. 

In a separate updated security alert, CISA’s U.S. Computer Emergency Readiness Team (US-CERT) warned that attackers often use fraudulent websites and malicious emails to target consumers during holidays, along with targeting non-encrypted online transactions. 

“Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else,” US-CERT wrote in the alert. 

Holidays typically draw heightened online targeting of consumers by hackers. The COVID-19 pandemic has led to huge spikes in cyber targeting including phishing email scams and ransomware attacks.