Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’ll look at three common holiday season scams and how to spot and avoid them. ‘Tis the season to be jolly—and wary. The holidays are the time when friends and families come together, make merry, and revel in the festivities.

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

With the exponential expansion of AI, bad actors are frothing at the mouth. Advanced technology for automating social engineering techniques that previously required technical know-how is now within arm’s reach of anyone with a keyboard. Attempts to exploit and deceive are more common than ever, and they are emptying business’s pockets. In 2023, 800 businesses worldwide reported fraud losses totaling 6.5% of their revenue, amounting to $359 billion.

Learn how to spot fake online giveaways like a pro.

Before you prove your humanity to a pop up, make sure you’re not accidentally downloading malware.

Customer fraud losses and remediation are often integrated as an inevitable cost of doing business Fraud’s impact on the bottom line is often considered when pricing products and services. This has happened since the first thief swiped a product from a marketplace stand. Today, scams responsible for severe business impact have become increasingly sophisticated, and the creeping costs are increasingly hard to budget for.

Vishing attacks, also known as voice phishing scams, are the newest way for cybercriminals to take advantage of weak spots. What is a vishing strike, though? Vishing is a type of social engineering scam in which people are tricked into giving up private information like passwords, credit card numbers, or business details over the phone or through voice mail. Vishing is different from phishing emails because it involves talking to people in person.

Forget ‘billions’, fraud is now a trillion-dollar challenge according to McKinsey, with phishing, account takeovers (ATOs), and credential-based attacks driving unprecedented losses. Needless to say, this step change underlines the urgency for scam-prone enterprises to add further protective layers as part of a fraud prevention strategy that combines emerging technologies.

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not. Most people think that what Google, Bing, or Duck Duck Go brings back is heaven sent and can be trusted. It cannot. Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.