November 2025 - Sophisticated Holiday Scams can lead to Enterprise-Grade Compromise


From the Desk of our CISO

As we approach the holiday season, CISOs should ensure user awareness training includes the latest tactics in retail-centric social engineering, as a successful retail scam can lead to enterprise credential compromise if users fall victim on their work devices or via work accounts (for instance, a work email account).

Implement and reinforce these security practices for all end-users:

  • Double-Down on Security Awareness: Cybercriminals exploit the speed and volume of holiday commerce, pivoting their attacks to maximize financial gain. Some relevant statistics per major industry impacted:

    • Retail & E-commerce: Attempted Black Friday-themed phishing attacks jumped 692% globally, with phishing attacks mimicking major U.S. retail brands increasing by over 2000%. This leads to an average retail data breach cost of $3.48 million—an 18% increase from last year.

    • Payments & Fraud: 4.6% of all attempted e-commerce transactions between Thanksgiving and Cyber Monday were flagged as suspected digital fraud. Post-holiday, chargebacks typically surge 45 to 60 days later, increasing administrative costs.

    • Hospitality & Retail IT: The sector saw a 109.5% increase in intelligence sharing on ransomware compared to the prior year, indicating a massive spike in active targeting during the peak season.

  • Lock Down Browsers Used by Employees on Work Devices: Personal shopping carried out on work devices is the primary vector for data exfiltration; 74% of all breaches involve the human element.

    • Prohibit Personal Transactions: Strictly enforce policies against personal e-commerce purchases or unvetted sites on work devices (POS terminals, corporate tablets). The goal is to prevent the introduction of malware, credential loggers, or unauthorized browser extensions.

    • Mitigate Payment Fraud: Train employees to spot physical card-skimming attempts at POS systems and to identify indicators of compromise (IOCs) related to malicious third-party scripts that target the e-commerce checkout process to harvest card data online.

    • Address Advanced Client-Side Threats: A successful social engineering lure can lead to DOM-Based Extension Clickjacking. This attack bypasses traditional web application defenses by manipulating a browser extension's UI elements (like a password manager's auto-fill prompt) to steal credentials.

  • MFA is Mandatory: Multi-factor authentication (MFA) provides a second step to verify identity and is one of the strongest defenses against stolen passwords. BlackCloak can assist in ensuring your executives are set up with proper MFA on their personal accounts.

Virtual Cards as a Privacy & Security Control

To mitigate the risk of data breaches exposing corporate payment information, virtual cards such as those offered by Privacy.com are an excellent security control to promote. Virtual cards are also increasingly offered by major credit card companies and banks such as AMEX and Capital One.

How Virtual Cards Enhance Security:

  • Masked Financial Information: A virtual card generates a unique, 16-digit card number, CVV, and expiration date different from the physical card, keeping the actual payment information private from merchants and third parties.

  • Merchant-Locking: Many virtual card services, including Privacy.com, allow the card to be locked to a single merchant. If the card number is stolen in a breach, it cannot be used at any other location, effectively isolating the fraud.

  • Highly-Customizable Spend Limits to prevent fraudulent overdraft: You can set a maximum spend limit on a virtual card, preventing a merchant from overcharging or a fraudulent actor from making excessive transactions if the details are compromised.

  • Instant Management: Virtual cards can be instantly paused or closed at any time without affecting the user's other cards, minimizing the interruption and enhancing security after a potential compromise. Some providers also offer single-use cards for one-time purchases.

The use of virtual cards should be highly encouraged to limit exposure of primary accounts. BlackCloak can assist in the advisement process should you have an executive interested in virtual cards.

For Android and iOS users, both Apple Wallet and Google Pay leverage a hardware security module

Both Apple Pay and Google Pay assign a unique Device Account Number (Apple calls it a DAN, Google a DPAN) to each card added. This number is different from the actual card number; it is randomly generated and specific to the device and card, so the real card details are never handed to the merchant. This added layer of security protects financial information from unauthorized access. Executives should be made aware of these types of protections - the BlackCloak team can assist with this.

___________________________________________________________________________

Company News

Introducing Uncloaked: A Cybersecurity Podcast

In today's hyper-connected world, corporate leaders and high-net-worth individuals are prime targets for sophisticated cyber threats. But the weakest link isn't at the office; it's in their personal lives. Discover practical solutions, expert analysis, and behind-the-scenes stories on the unique and evolving security challenges faced by C-suite executives, board members, high-profile individuals, and their families in this podcast from BlackCloak.

https://blackcloak.io/podcasts/

You're Being Watched: What OSINT Reveals About You

Open Source Intelligence (OSINT) illuminates just how much of your personal information is available for threat actors to build a comprehensive profile of you. In this BlackCloak blog post, OSINT and Threat Intelligence Manager Chris Carter breaks down exactly what OSINT can reveal about you, and how it's weaponized by cybercriminals.

https://blackcloak.io/youre-being-watched-what-osint-can-reveal-about-you/

Your Tech-Savvy Kids Are a Cyber Hacker's Dream

Preparing the next generation to take the reins of a high-net-worth family’s assets is a perennial challenge. That’s why many financial institutions host sophisticated “next-gen” weekends (think Ivy League recruiting meets a financial seminar) to educate and connect the future custodians of wealth.

But when it comes to the curriculum for those currently under 25, there’s a dangerous blind spot that is actively increasing your family’s cyber risk.

https://blackcloak.io/your-tech-savvy-kids-are-a-cyber-hackers-dream/

Other news worth noting

Infostealer Malware Exposes 183 Million Login Credentials

183 million email addresses and passwords, including millions of Gmail accounts, have been exposed online via infostealer malware. Individuals who reuse their login credentials across multiple accounts are at risk, as this data enables criminals to replay the leaked credentials against other services (credential stuffing) and compromise multiple accounts with a single set of credentials. We recommend enabling MFA/2FA on all accounts and refreshing the passwords for your critical accounts. Please contact our team if you need assistance with this.

Read more here: https://nypost.com/2025/10/27/business/183m-email-passwords-exposed-in-data-leak-including-millions-of-gmail-accounts-heres-how-to-check-if-yours-is-safe/

AI Deepfake Costs Family $15K

A Florida woman was conned out of $15,000 after receiving a highly realistic call that used an AI-cloned version of her daughter's voice. In response to the fraudulent demands, her family provided the money. The scam was only uncovered because a relative called the daughter's actual phone number and found that she was safe.

Read more here: https://www.wesh.com/article/florida-mom-scammed-ai-clones-daughters-voice/65436683

Automated Hikvision Camera Exploit Re-emerges

The "Hikvision exploit toolkit" is an automated tool that emerged in 2024 and is designed to exploit a critical remote code execution (RCE) vulnerability (CVE-2021-36260) in various Hikvision IP cameras and DVRs, giving the attacker complete control over the compromised device. Intelligence notes a resurgence in popularity of this tool among threat actors. To stay safe, ensure your Hikvision camera system is running the latest device firmware, enforce strong passwords, and strictly limit external network exposure for all surveillance equipment.

Read more here: https://cybersecuritynews.com/hikvisionexploiter-exploitation-toolkit/

AI-Powered Cybercrime Reaches Record High

According to a report by The Economist, AI/LLMs are dramatically lowering the skill requirement for hackers, enabling them to quickly create sophisticated malware and launch highly convincing spear-phishing attacks using deepfakes and fake voice/video calls. Fraud losses from these types of scams are projected to reach $40 billion by 2027. To stay safe, the most critical steps are to always verify the identity of anyone making an urgent request through a separate channel, enable multi-factor authentication (MFA) on all key accounts, and use strong, unique passwords.

Read more here: https://www.economist.com/business/2025/08/19/how-ai-powered-hackers-are-stealing-billions

macOS Ventura and Windows 10 are now End of Life

Windows 10 and macOS Ventura are now considered “End of Life” by Microsoft and Apple. This means that the companies will stop issuing critical security updates and bug fixes for these operating systems, which presents a serious security risk to members who are still using them. Please update any computers currently running Windows 10 or macOS Ventura. If you aren’t sure whether your computer is running one of these unsupported operating systems, please reach out to the BlackCloak team for assistance.

Reach out to the BlackCloak team here: https://blackcloak.io/concierge-portal/