The onset of the festive season drives the retail market into a frenzy. After two years of being homebound and extra cautious due to the pandemic, people worldwide are finally venturing out and once again feeling the true spirit of the season and its unrestrained celebrations. The enthusiasm to strike the best bargain on Black Friday deals is fueling online sales globally. Online retail is spiking, with sales expected to go up by 5.9%, from $34.36 billion in 2020 to $36.40 billion this year.
By Minu Sirsalewala, Editorial Consultant, CISO MAG
The retail sector is a soft target for cybercriminals, especially small organizations and third-party services such as logistics and delivery companies, which experience incessant attacks. Scammers and cybercriminals scouting for banking credentials and debit/credit card details thrive in the online space during the retail fever, watching for prey with hawk eyes. As security implementations are neither affordable nor feasible for these organizations, they are the most vulnerable and easy prey for financially motivated cyber hawks.
Per Adobe's 2020 survey, Black Friday 2020 revenue sits at $188.2 billion, compared to 2019 revenue of $142.4 billion.
Common Digital Threats
1. Phishing Attacks
Phishing attacks continue to be the most common threat in the security landscape. Cybercriminals are leveraging advanced phishing and social-engineering techniques to trick users and break into networks. There are constant baits in the form of emails, attachments, malicious links, and pop-ups that should be closely scrutinized for authenticity before being clicked.
2. Fake Deals
Scammers are “spraying and praying” where a barrage of attractive deal ads, messages, coupons, and fake websites are made available online to bait customers into falling prey to these scams. If it is too good a deal to believe, be alert and rule out a possible scam.
3. Data Skimming
4. Financial Malware
Cybercriminals often find new techniques to deploy malware and evade security scans. According to a report from the Microsoft 365 Defender Threat Intelligence Team, adversaries are increasingly relying on HTML smuggling techniques in email phishing and malware campaigns to obtain access and infect a network or system with an array of malware variants. These include banking malware, ransomware, and remote access trojans (RATs).
Users unknowingly install malware onto their devices by clicking malicious attachments like images and links sent through special Black Friday online promotions.
Online Safety Measures for Black Friday and Cyber Monday
1. Watch Out for Fake Websites
Festive times are lucrative not only for vendors but for imposters too. Fake websites that sell non-existent products and trick people into spending money are a common occurrence. A Check Point Research report revealed a 178% jump in the number of malicious shopping sites (more than 5,300 sites each week in October) compared to other months for 2021.
2. Check if the Site’s Connection is Secure
It is advisable to stick to familiar shopping sites and not get lured by new ads, emails, or text messages. Go with reputed names and not fly-by-night operators who appear only to scam users. A secure site’s URL should start with HTTPS and not HTTP. You might have to click on the URL to see the HTTPS. Another tip is to look for a little lock icon in the top left corner of your browser bar when you’re on the site.
3. Beware of Phishing Emails
Phishing continues to impact a high number of people. Beware of emails, attachments, links, and ads that may appear to be from renowned brands, e-commerce sites, and retailers but are fake. Verify the sender of the email by checking the email ID, and re-read the content to check for grammatical or spelling errors.
4. Use Strong Passwords
Though asserted time and again, weak passwords continue to be a common threat and are easy to attack. Using a unique username and password is essential; one can use a password manager as it could be difficult to remember multiple passwords for different accounts. It is also recommended to have multi-factor authentication or two-factor authentication for an added layer of safety.
5. Be Vigilant About Social Media Scams
Social media platforms like Instagram, Facebook, Twitter, and Pinterest are popular choices for sending spam messages. People unknowingly forward and share links announcing great deals and bargains without crosschecking them, which helps spread the malicious links. These are among the most trusted platforms and are easy targets too.
6. Avoid Public Wi-Fi
Public Wi-Fi networks are not secured, do not require secure authentication to log in, and give direct access to any unsecured device on the same open network. They are a sea of opportunities for hackers to steal critical information such as login passwords, credit card info, and other personal and financial details. Public Wi-Fi can also be used to launch malware attacks and infect your device.
7. Manage System Updates
Regular updates and patch management are the simplest and most effective routines for keeping a system secure. Most common attacks are launched through bugs in software and devices.
8. Use a Credit Card for Shopping Online
Using a credit card in place of a debit card, banking transactions, or direct payments is advisable. It allows a small window to cancel the transaction if it is fraudulent and stops further payment. It is also better protected in terms of authentication. Another tip: Request your bank to lower the credit limit on your card, so that if it is misused, the loss will not be on the higher side.
9. Monitor Bank Statements for Fraudulent Activity
Do not wait for the month-end or post-shopping season to check your financial transactions. It is advisable to keep a close eye on your online transactions and if you see any unauthorized activity, report it immediately.
Tessian, a security company, offers the following tips and advice for spotting malicious emails:
- Inspect emails and text messages to look out for spelling errors; these are a sure sign that it is not from a legitimate source.
- Take a few seconds to verify that the sender’s name and email address match up, especially if you are reading your emails on your mobile. Cybercriminals typically spoof a brand’s name in the hope that you’ll fail to inspect the email domain.
- Be wary of business messages from unknown numbers or numbers starting with a local area code such as +44, as these are regularly associated with scam texts.
- If in doubt, don’t click. You can follow up with the delivery company or retailer directly if you have a question that needs to be answered.
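The sender check in the second tip above (does the displayed brand name match the email domain?) can be automated by a mail filter. The following is an added example, not code from the article or from Tessian; the brand names, allowed domains, and From headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains that brand
# legitimately sends from. A real filter would load its own list.
BRAND_DOMAINS = {
    "examplemart": {"examplemart.example"},
    "parcelfast": {"parcelfast.example"},
}


def split_sender(from_header):
    """Return (display name, lower-cased domain) from a From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return display, ""
    return display, addr.rpartition("@")[2].lower().rstrip(".")


def domain_matches(domain, allowed):
    """True only for an allowed domain or a true subdomain of one.

    A suffix test on ".<allowed>" rejects lookalikes such as
    "parcelfast.example.tracking-update.example", which merely
    *start* with the brand's domain.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Classify a From: header as ok / mismatch / unknown-brand / unparseable."""
    display, domain = split_sender(from_header)
    if not domain:
        return "unparseable"
    # Normalise the display name so "Example Mart" and "ExampleMart" both hit.
    name = "".join(ch for ch in display.lower() if ch.isalnum())
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name:
            return "ok" if domain_matches(domain, allowed) else "mismatch"
    return "unknown-brand"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"ExampleMart Deals" <offers@examplemart.example>',
        '"Example Mart" <offers@examplemart-deals.example>',
        "ParcelFast Delivery <track@parcelfast.example.tracking-update.example>",
    ):
        print(check_sender(header), "<-", header)
```

A "mismatch" result means the display name claims a known brand while the address belongs to some other domain, which is the spoofing pattern the tip describes.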
Be safe and make the most of the festive season. Do not let cyberthreats and attackers take the sheen off your celebrations.
About the Author
Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.