During the annual eCommerce bonanza known as Black Friday and Cyber Monday weekend, shopping websites will be swarming with people who are mostly unaware of cyber threats that can leave personal data vulnerable.
In 2021, Europe, Canada, and the United States saw a 50% spike in transactions during the Black Friday and Cyber Monday window from the previous week.
With the imminent spike in online shopping, this is an ideal opportunity for organizations to remind employees the importance of cyber security awareness.
Verizon’s 2022 Data Breach Investigations Report showed that cyber criminals were most interested in a consumer’s confidential data, with just under 10% seeking consumer payment data, 45% personal data, and 40% looking for credentials.
If you plan to be shopping online, which we’re 99% sure you do, read on for a few simple preventative measures to help keep you (and your wallet) safe this holiday season.
Black Friday Cyber Threats You Need to Be Aware Of
Cyber criminals rely on clever social engineering techniques to prey on our lack of attention and inherent trust-worthy nature.
After all, people who do their gift-buying online are usually at work—multitasking, trying to shop and do work simultaneously. This distracted behavior creates the perfect scenario for cyber criminals to trick people with various malicious tools and tactics.
Some common threats cyber criminals use to ride the holiday shopping wave to prey on the distracted include:
Email offers
Criminals send out emails with bogus prizes or sales offers to bait the recipient into providing personal information or opening a file. Email offer scams often link to a phishing website or malware file.
Phishing websites
Phishing websites are designed to imitate legitimate brands and retail sites to trick visitors into entering payment information for products that don't exist so a hacker can steal their credit card data.
Fake social media promotions
Cyber criminals often promote counterfeit products on social media through fake accounts using popular hashtags to trick users into handing over their payment details.
Faked apps
Cyber criminals create fake apps that mimic popular online store apps. They promote the fake app on social media, in phishing emails, and on spoofed websites to steal credit card information.
Fake shipping notifications
Scammers contact the victim with a phone call, email, or SMS message claiming to be a delivery service unable to deliver a parcel to your door. They then ask the victim to verify private information and credit card details to "reschedule" the delivery. Those details are later used to commit identity or financial fraud.
Christmas, Black Friday, and Cyber Monday Sales Websites
Ahead of peak retail periods, fraudsters regularly create unofficial sales websites with phony offers and promotions to encourage consumers to click on malware links and attachments or hand over their personal information.
13 Tips for Safe Black Friday Online Shopping
For consumers, vigilance is the key to detecting online scam attempts. To ensure you don’t fall victim to online shopping threats, you should:
1. Never provide personal information to unsolicited messages or calls
Reputable companies won't request personal data like your name, address, or credit card information for no reason, so don't provide any personal information to unsolicited communications. Look for official email addresses and only visit official websites by manually entering the web address.
2. Avoid clicking on suspicious email links or attachments
Email links and file attachments are the most common ways cyber criminals transmit malware, so don't click on email links from unknown senders. Hover your cursor over any links to see where the link will take you, and if you doubt the email's legitimacy, don't click.
3. Watch out for spelling mistakes
Even otherwise convincing scam emails can have spelling or grammatical mistakes. If you see many grammatical errors, unnatural phrasing, or misspelled words, there is a high chance that the message you're reading is fake.
4. Verify the URLs you're using
Only shop from trusted online retail websites, and always confirm you're using the correct URL. It's easy to miss the extra 'n' in "amazonn.com," especially if the website is spoofed to look like its legitimate counterpart.
5. Be wary of using search engines to find Cyber Monday deals
Cyber criminals use the same search engine optimization (SEO) techniques as legitimate brands to ensure their faked websites display on Page 1 or 2 in the search engine results. They can direct online shoppers to fake Cyber Monday sales websites using savvy and tempting language in the descriptions.
6. Look for HTTPS:// or the lock icon
Know and understand what secure vs. non-secure websites look like. Always look for HTTPS:// and the lock icon to confirm you’re browsing a secure site. Likewise, double-check that the shopping cart checkout process is also secured and encrypted.
7. Consider your payment options
Using credit cards rather than debit cards offers more consumer protections (such as stopping payments and detecting fraud) if something becomes a scam. Consider third-party payment services like Apple Pay, Google Pay, or PayPal that let you purchase goods without inputting your credit card information on a merchant's site.
8. Track products you do purchase
Whenever you buy something online, make a list of what you've purchased and the expected delivery date to detect a fake shipping notification message when you see one.
9. Not be afraid to hang up on unsolicited calls
Many fraudsters prefer to scam victims over the phone, where they can build "rapport" with the victim and use high-pressure tactics to extract information, so don't hesitate to hang up if someone unfamiliar is asking for personal information, especially of the financial variety.
10. Track your bank and credit card statements
Check your online shopping accounts at least monthly for unauthorized activity. Many credit card companies allow users to set up email or text alerts each time a card is used for an added layer of protection.
11. Use secure Wi-Fi
Avoid making online purchases via unsecured public Wi-Fi. Consider using a Virtual Private Network (VPN) if shopping using a mobile device for added security. You can also save items in your cart and purchase them later once connected to a trusted, secure network.
12. Enable multi-factor authentication
Use multi-factor authentication (MFA) or two-factor authentication (2FA) wherever possible. This added layer of security uses biometrics (like a fingerprint scan or facial recognition) or a unique one-time code sent to your phone.
13. Use your best judgment
Cyber criminals use social engineering techniques to capitalize on the desire to get a "good deal." Remember, Cyber Monday or not, if a deal seems too good to be true, it probably is.
On Black Friday and Cyber Monday, Please Shop Responsibly
While online shopping for the holidays can be an exciting time to score deals, it's also one of the busiest seasons for malicious actors looking to defraud unsuspecting consumers.
To avoid getting victimized, make sure you're aware of how cyber criminals take advantage of your distraction while online and understand some common threats to look for.
Cyber Security Hub: Access Exclusive Cyber Security Content
Visit our free Cyber Security Hub to learn and share crucial information about phishing, social engineering, and other cyber threats.