Cybersecurity experts comment below on the cyber threats facing the public on Black Friday and how to mitigate them.
As with many cybercrime cases, both consumers and businesses need to take security seriously to help mitigate the risk of fraud. Consumers should be aware that cybercriminals are always looking for new ways to commit fraud and Black Friday is just one of many opportunities for them.
In previous years we have seen phishing and scam emails go out during the shopping season, enticing victims to provide credentials and card numbers on the promise of getting early or discounted deals. Basic security hygiene is always a must – keep your system up to date with security updates and patches, don’t reuse passwords, don’t use easy to guess passwords, and opt-in for 2-factor authentication (2FA), but most importantly – remain vigilant and don’t click/download/reply to anything that seems even mildly suspicious. If it seems too good to be true, it probably is.
Businesses have a responsibility here as well. Aside from making sure their systems are properly secured and prepared for attacks (such as credential stuffing) they need to offer consumers additional security features such as opting in for 2FA and alerting on suspicious account activity. In addition, organisations must utilise threat intelligence to understand if cybercriminals are targeting them and selling their customer data and credentials, and use it to identify potential attack vectors used by threat actors.
Cybercrime does not exist in a vacuum, and this focus on Amazon from threat actors is reflective of just how dominant the retailer has become. While this does not mean that other shoppers can rest easy, it does indicate that Amazon customers may be the ones most at risk of phishing attacks. For this reason, we would recommend exercising extreme caution in the run-up to Black Friday and Cyber Monday, double-checking the sender’s email address, and the domain names in linked URLs, before clicking on any links or attachments, and cross-referencing this with known correspondence from Amazon—or whichever retailer you are shopping with.
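The sender and link check recommended above, sketched as an added example that is not part of the original comments: it flags a sender domain or link host that is not on a list of domains the shopper already trusts, plus any link that is not HTTPS. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the shopper already knows genuine retailer mail comes from.
KNOWN_DOMAINS = {"amazon.com", "amazon.co.uk"}

# Constructed sample message; the .example hosts are placeholders.
SAMPLE_EMAIL = "\n".join([
    'From: "Amazon Deals" <deals@amazon-offers.example>',
    "Subject: Early Black Friday discount",
    "Content-Type: text/html",
    "",
    '<a href="https://www.amazon.com/gp/css/order-history">Your orders</a>',
    '<a href="https://amazon.com.account-verify.example/login">Claim deal</a>',
    '<a href="http://www.amazon.com/deal">Deal page</a>',
])

def is_known(host):
    """True if host is a known domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw):
    """Return (kind, value) findings for an untrusted sender or link."""
    msg = message_from_string(raw)
    findings = []
    # Compare the address domain, not the display name, which is free text.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_known(sender_domain):
        findings.append(("sender", sender_domain))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme != "https" or not is_known(parts.hostname):
            findings.append(("link", href))
    return findings
```

The second link shows why the whole host must be compared from the right: it begins with `amazon.com` but is registered under a different domain.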
1. Malicious actors know people are more likely to open emails with timely subject lines, and the COVID-19 pandemic has led them to create new and clever phishing schemes using subjects related to the Pandemic, Unemployment, Stimulus, and Vaccine trials. These emails will frequently offer links for more information, such as discount offers, or perhaps even to register as a potential vaccine recipient. It’s important not to follow any of the links or open any attachments, as they often contain malware designed to steal your personal, financial, or credit information.
2. Avoid online shopping scams by shopping on secure sites. Cyber Monday deals can save consumers lots of money, but they can also scam them out of serious money as well. One of the biggest (and FIRST) indicators of a potential Cyber Monday scam is a website with no SSL certificate. Check the URL and if it is missing an “s” after the “http”, then the site is not secure and you should shop elsewhere.
3. Check out as a guest. Constantly entering in the details of credit card numbers, shipping and billing addresses, etc. can be tedious, but it will help avoid the headache of having to deal with credit card theft. Consumers should never store credit card information on a website unless they are 100% sure it is secure to do so. And even then, it’s not a guarantee that the merchant can protect customer data from all the bad actors.
4. Avoid online shopping over public Wi-Fi. Checking out the latest Cyber Monday bargains at the airport coffee shop sounds like a great way to kill time before a flight. However, it is strongly advised that consumers avoid using public Wi-Fi when doing online shopping. Hackers use open networks to access devices, so avoid a sneaky Wi-Fi scam by waiting until you’re on a secure network.
5. Monitor bank accounts. This should be a no-brainer, but with the chaos surrounding the holidays, hackers are depending on consumers to forget to monitor their transactions. Many of us depend on our banking institution’s fraud monitoring software to alert us if an unusual transaction is made. However, it’s easy for small transactions for small amounts of money to go unnoticed. Make a note to check your accounts daily for extra fraud protection and financial safety during the holidays.
6. Watch out for malvertising (Malicious Advertising). When scouring the internet for the best online shopping deals, shoppers are bound to be shown a plethora of advertisements. Cybercriminals use “malvertisements” as bogus pop-ups or alert warnings to prompt users to click. Once they click or load a bogus web page, they unintentionally install data-stealing malware and infect their system. Consumers can cut their risk by installing an ad-blocking browser plugin and setting their browser to flag malicious content.
To protect themselves on Black Friday, Cyber Monday, and throughout the holiday shopping season, here are three ways consumers can protect their online security.
– Don’t register at every website – they don’t need to host your PII or payment data.
– Think twice about signing on through Google or a social media account – this gives away much more data than many would care to share.
– It’s difficult at this time of year to remember every website you use, but try and keep track of those you’re using for the first time or have only infrequently used and monitor your charge card data.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.