For companies in the retail and hospitality industries, the holiday shopping season is the busiest time of year. But as Americans’ shopping and travel purchases ramp up, it’s also the time of year when companies are most concerned about the threat of a cybersecurity breach through phishing, fraud, and malware.


In the 2022 RH-ISAC Holiday Season Threat Trends report, analysts and members of the industry group were polled about their security focus for the season. Phishing—a concern no matter the time of year—ranked at the top, with 20% of retailers reporting phishing as the most prominent threat (up from 16% in 2021).

Because of the season, employees might be expecting things like gift card links and promotional campaigns in their inboxes, creating a prime opportunity for cyber attackers. Through social engineering that impersonates executives, attackers may be able to harvest credentials, bypass multifactor authentication, and steal information.

Additionally, both bots and imposter websites have had a growing impact on online retailers as average individuals began exploring ways to earn additional income by reselling stolen information on threat actor forums, a space once occupied only by seasoned cybercriminals. Familiar malware such as QakBot, Emotet, Agent Tesla, and Dridex is likely to remain the most prevalent tooling leveraged by threat actors for the 2022 holiday season.

Ransomware attacks will target retailers on the assumption that victims will be more likely to pay a ransom to minimize downtime and to keep their names off leak sites. Due to the threat of operational downtime or a damaged brand reputation, the impact of ransomware attacks could drastically and negatively affect overall profitability.


For the retail, hospitality, and travel community, understanding the very specific tactics that fraudsters and threat actors use across kill chains is instrumental in preventing and responding to cyberattacks, because it sharpens detection and mitigation efforts. Understanding these broad trends across the threat landscape and how they work within member environments has enabled analysts to create more effective alerting, detection, and mitigation efforts.

Members also reported working closely with customer service departments, providing customer service representatives with refund-as-a-service training material, maintaining brand protection services to help take down malicious imposter sites, and kicking off internal fraud working groups for loss threats and handling. In preparing for the increased threats of the holiday season, change freezes, staffing adjustments, and operational changes were reported as especially important.

If you’re a small business with limited resources, there are still measures you can take to protect your business from these attacks. These include:

  • Enabling strong spam filters to prevent phishing emails from reaching end users
  • Educating employees with cybersecurity awareness training
  • Conducting third-party cybersecurity assessments
  • Updating and patching software and hardware
  • Locking down Remote Desktop Protocol (RDP)
  • Validating remote access to the organization’s network
  • Requiring multi-factor authentication for privileged or administrative access
  • Confirming the organization’s entire network is protected by antivirus/antimalware software
  • Testing backup procedures to ensure critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack
  • Ensuring data is backed up, encrypted and immutable