What Happened?

Fraudsters are warming up for the holidays, targeting household names through e-commerce site hacking and credential stuffing attacks. On November 19, 2019, news broke that Macy’s e-commerce site had been infiltrated by a third party, which embedded malicious code in Macy’s online checkout page.

These bad actors also placed their skimming code on the Macy’s Wallet page, used by account holders to store payment credentials. This malware collected names, full addresses, phone numbers, email addresses, payment card numbers, card security codes, and payment expiration dates belonging to shoppers who made purchases through the Macy’s website over several weeks before it was identified and removed. This type of sensitive financial information is perfect for fraudsters looking to commit credit card fraud and other forms of financial and identity crimes.

On November 16th, 2019, it was revealed that users of the brand-new Disney+ streaming service were locked out of their accounts after the accounts were hijacked by fraudsters. These cyberthieves put Disney+ members’ login credentials up for sale on the Dark Web – with usernames and passwords starting at only $3!

Should You Be Worried?

Whether shopping for gifts or streaming online during your downtime this holiday season, be sure to practice safe online habits. Start by updating all outdated and reused passwords to protect your accounts from account takeover. Also, be aware of the sites you are visiting and keep an eye out for signs the webpage is secure, such as the URL beginning with “https” rather than “http” and a padlock symbol in front of the web address. If you use the same username and password for more than one account, hackers can easily use your login information, obtained through a different data breach, in credential stuffing attacks, especially on popular and in-demand sites.

If you think you might be exposed by a recent data breach, consider these 9 tips for data breach victims.

3 Tips to Stay Protected

  1. Take Precautions when Making Holiday Purchases with a Smartphone. Before you make a purchase through an ad on Instagram or Facebook, or even download a coupon, search the Internet for the ad you received along with words like “complaint” or “reviews”; you may uncover a scam related to the promotional offer.
  2. Print out online receipts and store them in an email folder. Keep an eye on your financial accounts, bank statements and credit activity, and report any suspicious activity as soon as possible.
  3. Avoid financial transactions and online shopping when using public Wi-Fi. Identity theft is a very real risk when you’re transmitting personal information over unsecured networks.