Black Friday: Phishing attacks against bargain hunters expected

Blog Cybersecurity Phishing
Pic Source: Unsplash

Cyber criminals are not only targeting SMEs, institutions and millions of home office employees. Even private bargain hunters who want to store online on the upcoming Black Friday should protect themselves sufficiently. Especially if they are shopping using their work computers.

Bargain hunters have to be especially careful on Black Friday and Cyber Monday. Not only companies and retailers have prepared intensively for the highest holiday of online shoppers. Cyber criminals will also join all their forces on this day and intensively attack online retailers, their customers and payment service providers with phishing attempts. Not only is the number of attacks expected to increase significantly, but also their complexity – and therefore their danger.

Cyber November: peak season for cyber attacks

In the run-up to this year’s Black Friday, Avira Protection Labs said it noticed “increased activity of malicious URLs.” And Zscaler Security Cloud saw a more than 400 percent increase in blocked phishing activity between the first 14 days of October and the first 14 days of November. The experts from Avira’s virus lab expect malicious URLs to increase by at least 15 percent by the end of November compared to the annual average. In the past ten months, the volume of phishing URLs collected by Avira Protection Labs has already more than doubled compared to the previous year, 2019, they said. At the same time, the peak season for fake URLs is only just beginning, he said: 30 to 40 percent more phishing attacks take place in the months from October to December than in the quiet summer months from June to August. This massively increases the probability for “Black Friday” shoppers to become victims of targeted phishing attacks.

Rising phishing activity targeting popular online shopping sites, phishing attacks on cell phones, skimming attempts on websites, gift card scam sites, and banking trojans were all on the rise. Cybercriminals are picking up on the increased activity of users on shopping and online payment sites and targeting their phishing attacks on them. After all, rarely does so much sensitive data related to payment transactions fly through virtual space as it has in these weeks, and the potential attackers are well aware of this.

Move quickly instead of looking closely

The attackers take a psychologically clever approach. They exploit a typical characteristic of Black Friday purchases: the auction character or the time limit of the offer. The cybercriminals exploit this behavior by making a quick purchase instead of taking a closer look. They are aware that many online shoppers are less vigilant in the rush to score the best deal and are more inclined to click on compromising links.

Isn’t that a private topic? Is it even relevant for companies? Yes, because employees still use their work computers for private purposes such as online shopping or banking. That’s why our tips are certainly important for your employees, too.

Read our tips for safe online shopping for Black Friday.

  • Check the authenticity of the URL or website. Pay particular attention to unusual spellings of the address or even spelling errors.
  • More Perseus know-how re: compromised web applications
  • Check if shopping, e-commerce and financial websites are secured by connections using HTTPS. This is what all legitimate merchants and payment portals use for their transactions.
  • Use only secure wifi connections, and not public networks. Using a Virtual Protocol Network (VPN) can be helpful.
  • More Perseus know-how on: VPN
  • Enable two-factor or multi-factor authentication as an additional layer of security, especially for financial transactions.
  • More Perseus know-how on: Two-factor authentication
  • Avoid URLs whose links have been shortened or are unknown to you – no matter how tempting the offer they communicate.
  • Install (or update) your operating system and web browser and apply the latest security patches.
  • Activate browser add-ons to prevent malvertisements from popping up with adblockers.
  • Distrust all gift certificates and free offers you receive in the coming weeks. Be sure: nothing is for free. You will definitely be asked for your personal information to trigger your gift. Hands off.
  • Keep track of your orders. As part of the ordering process, it is absolutely normal to receive information from the merchant about the order process and delivery status. If you receive such a message as an SMS, you quickly click on the malicious link and you have fallen for this smishing attack.
  • Use a password manager that generates secure and unique passwords for you.
  • Delete all emails with Black Friday messages in the subject line. If you think they are from a credible brand after all, go to their website. If the offers are legitimate, you will see them.
  • Only use apps from official stores like Google or Apple.