8 Tips To Avoid Black Friday & Cyber Monday Scams

November 20, 2021 | How to

While shopping online on Black Friday and Cyber Monday helps you skip the crowds in malls and stores, it also exposes you to various cybersecurity risks.

This article will walk you through eight ways you can protect yourself from these sneaky and opportunistic scams.

Black Friday & Cyber Monday online shopping can be dangerous.

Black Friday & Cyber Monday Scams

Gal Ringer, CEO of Mine, says that 30% to 50% of the annual average of data breaches happen during the last two months of the year alone.

Dave Baggett, co-founder and CEO of security firm Inky, says, “People are buying a lot of things over a short period of time, and they are hurried about it. This presents opportunities for crooks.”

We’ve compiled a list of eight tips to help you protect yourself and your company from Black Friday & Cyber Monday online fraud attempts.

1. Do not click links in emails

Most scammers will try to get to you via email to steal your credit card details or identity. The malicious message is known as a phishing email, in which attackers impersonate a reputable brand or a trusted contact to convince you to hand over any info they need to scam you. Often, it includes a link to a phishing site that will steal your credentials or payment information.

“Retailers have been hit hard by the pandemic, and will likely send out even more emails showcasing their discounts and offers, which can be easily spoofed to trick consumers,” Tony Pepper, CEO of cybersecurity firm Egress, notes.

There are a few dead giveaways that you’re being phished, but the quickest and easiest way to tell is to check the sender’s information thoroughly and hover over URLs before you click. “If you’re still not sure, you can always reach out to the retailer via their website, to check that the email you received is genuine,” he adds.

2. Do not download and open attachments from retailers

Just like with URLs in emails, you should stay away from attachments, especially those claiming to be from retailers.

“Retailers won’t hide deals in attachments — that’s where attackers hide malware,” says Michael Madon, senior vice president and general manager of security awareness for Mimecast.

But cybercrooks won’t stop at retailers with their masquerade. Fraudulent emails can impersonate companies in any sector.

3. Be cautious of pop-ups and ads

Cybercriminals can follow you around with pop-ups and ads, a method called malvertising. They take these routes to spread malware and viruses. These malicious ads can redirect you to a phishing website to steal your data, but they can also infect your machine with adware, spyware, and ransomware.

“If a deal is legitimate, it will be on the company’s site. Pop-ups are an easy way for cybercriminals to lure you in,” Madon explains.

4. Beware of e-skimming

Traditional skimming requires hackers to use a skimming device that can easily be placed over a card reader at an ATM or a fuel pump to steal your credit card information.

However, hackers have extended their techniques to the digital world – instead of using physical hardware, they can insert malicious code directly into a website to steal your payment information.

E-skimming attacks have seen an increase in the last two years due to the pandemic. Tim Mackey, the principal security strategist for cybersecurity firm Synopsys, warns, “There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.’”

To avoid falling victim, choose to pay using a third-party app, such as PayPal or Venmo, whenever possible. You can also create a virtual card through websites like Privacy.com or directly on your card issuer’s site.

5. Only shop on a secure network

According to a survey conducted last year by cybersecurity company Bullguard, 76% of Americans have accessed sensitive data on public Wi-Fi. During Black Friday, Cyber Monday, and the upcoming holiday season, the risks of using public networks to make purchases are significantly higher.

Stick to a secure private Wi-Fi connection whenever you need to shop online. “Without proper network precautions, the hacker sitting a few seats down at your local Starbucks could sneak into your device and watch you input your credit card information,” Madon says.

6. Do not ‘recycle’ passwords

If the bad guys manage to steal your account password for a website, they will try to use the same password to break into your other accounts.

This is especially common during the holiday shopping season. “Phishing attempts can often be disguised as sign-ups for retail rewards programs,” Madon says. “If you take the offer, use a password that you haven’t used before,” he advises.

To avoid such incidents, diversify your passwords and use complex alphanumeric combinations. Also, remember to change your passwords regularly. Furthermore, using a password manager is always a good idea.

7. Be skeptical of freebies

Nothing is really free in life. The same goes for Black Friday free offers. They usually work by promising you money or gift cards in exchange for taking surveys. At the end of the survey, you’ll be redirected to a phishing website, where you’ll be asked to enter your credit card information so you can receive your prize. And before you know it, the attackers now have the details they need to drain your bank account.

8. Keep an eye on your accounts

Throughout the year and especially the holiday season, closely monitor your bank and credit card accounts. “Often, criminals will make small charges using bot technology to see if the charge will go through before making larger purchases,” says Pavan Thatha, head of bot management at Radware.

Keep Your Company Safe From Black Friday & Cyber Monday Scams With ATTACK Simulator

To have complete protection against all kinds of phishing scams, you need security awareness training in your company to keep your employees from falling victim to fraud.

Cybersecurity awareness is a crucial factor in protecting your data and devices. You should learn to spot potential phishing attacks, suspicious software that may be malicious, and other threats. As they say, prevention is better than cure.

ATTACK Simulator’s Security Awareness Training program will help you enrich your employees’ cybersecurity knowledge with up-to-date security best practices to keep your company safe from scammers and avoid potentially irreparable damage.

Do you think your employees are ready for a phishing attack? Then, put them to the test with our free security awareness training trial and see how well they’d do!



by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
