Those looking to score a bargain must be particularly careful on Black Friday and Cyber Monday - it is not only the retailers who are preparing for the most important holiday for online shoppers. Cyber criminals will also join forces on this day to attack online retailers, their customers, and payment service providers intensively with phishing attempts. Not only are the number of attacks expected to increase significantly, but also the complexity of campaigns - and thus the danger they pose to online shoppers.
Cyber November: High season for cyber attacks
In the run-up to this year's Black Friday, the Avira Protection Labs reported an "increased activity of malicious URLs", and the Zscaler Security Cloud recorded an increase in blocked phishing activity of more than 400 percent between the first 14 days in October and the first 14 days in November. The experts from Avira's Virus Laboratory expect an increase of at least 15 percent in malicious URLs by the end of November compared to the annual average. In the past ten months, the volume of phishing URLs collected by the Avira Protection Labs has already more than doubled compared to the previous year, in 2019. The main season for fake URLs is only just beginning: in the months from October to December, 30 to 40 percent more phishing attacks take place than in the quiet summer months of June to August. This massively increases the probability for "Black Friday" shoppers to become victims of targeted phishing attacks.
Increasing phishing activities targeted at well-known online shopping sites, phishing attacks on mobile phones, skimming attempts on websites, scam sites with gift vouchers, and banking trojans can be observed, all of which are on the rise. Cybercriminals are taking advantage of the increased activity of users on shopping and online payment sites, and targeting their phishing attacks towards them. Seldom does so much sensitive data in connection with payment transactions fly through virtual space as in these weeks, and attackers know this too.
Strike quickly instead of looking closely
Cyber criminals are psychologically skilled. They exploit the typical characteristics of Black Friday sales: the auction-like character, or the time limit of the offer. They capitalize on the online shopper’s instincts to strike a quick deal. They are aware that many online shoppers, in a hurry to get the best offer, are less alert, and as a result, more inclined to click on compromising links.
But isn't that a private issue? Is it at all relevant to businesses? Yes, because employees often still use their work computer for private purposes, such as online shopping or banking. Therefore, our tips for secure online shopping are certainly important for your employees as well.
Our tips for secure online shopping on Black Friday:
- Check the authenticity of the URL or website. Pay particular attention to unusual spelling of the web address, or even spelling mistakes.
- Check whether shopping, e-commerce, and financial websites are secured by connections with HTTPS. All legitimate merchants and payment portals use this for their transactions.
- Only use secure WLAN connections, not public networks. The use of a Virtual Protocol Network (VPN) can be helpful here.
- Enable two-factor or multi-factor authentication as an additional layer of security, especially for financial transactions.
- Avoid URLs whose links have been shortened or are unknown to you - no matter how tempting the offer communicated with them.
- Install (or update) your operating system and web browser and apply the latest security patches.
- Activate browser add-ons in order to prevent malvertisements from popping up with adblockers.
- Distrust all gift vouchers and free offers you receive in the coming weeks. Be sure: nothing is for free. You will certainly be asked for your personal details to trigger your gift. Hands off!
- Keep track of your orders. During the ordering process it is absolutely normal to receive information about the order process and delivery status from the retailer. If you receive such a message as an SMS, you quickly click on the harmful link and have fallen for this smishing attack.
- Use a password manager that generates secure and unique passwords for you.
- Delete all e-mails with Black Friday messages in the subject line. If you think they are from a credible brand after all, go to their website. If the offers are reputable, you will see them.
- Only use apps from the official stores like Google or Apple.