Black Friday & Cyber Monday Scams
This week sees the return of the phenomena of Black Friday and Cyber Monday. These marketing events are significantly driving up the increase in online sales in the run up to Christmas. 2017’s Cyber Monday was the largest online shopping day in history and was mobile’s first $2 billion day.
This weekend has become an unbridled online spending extravaganza, but threat actors have taken notice. It’s Holiday Season for these bad guys too, but not the way you might think. They go into scam-overdrive mode.
Black Friday and Cyber Monday are the busiest on-line shopping days and they are out to get rich with your money
With their latest report, the team at RiskIQ summarised it well:
“Ever the opportunists, threat actors set up their operations where the money is; and in the case of the Black Friday and Cyber Monday phenomena, it’s e-commerce. According to Adobe Digital Index, in 2017, online shoppers stuffed e-commerce cash registers with more than $19.6 billion in sales through the Black Friday weekend—a more than 15 percent increase over 2016.
“With more people than ever poised to partake in this year’s November shopping frenzy, attackers will capitalise by using the brand names of leading e-tailers to exploit users looking for Black Friday deals and coupons by creating fake mobile apps and landing pages to fool consumers into downloading malware, using compromised sites, or giving up their login credentials and credit card information.”
Sales this weekend are forecast to be up 19.4% on last year with $7.8 billion expected in e-commerce on Cyber Monday.
What starts out as a search for Christmas presents at bargain prices can turn into a financial nightmare. For brands, what starts as a marketing campaign to boost sales can turn into a security fiasco that not only affects them financially but can destroy trust with their customers.
This year, Magecart, which is made up of several groups of digital credit card-skimming actors with ties to Russia, adds a serious new layer of threat. They are responsible for large-scale breaches that stole thousands of customer credit cards. Only put your details in a secure shopping portal, not on sites for coupons and competitions and be restrictive with your personal data.
It’s worth sending an email to staff over this weekend and the Christmas season reminding them to be vigilant. It is crucial to pay attention to detail while shopping online.
So what to look out for? At the moment, there are literally thousands of fake sites, looking just like the real thing. Don’t fall for it.
Key Things to Consider:
- Make sure the site you go to is the real one, including subsequent link addresses.
- Type in the address or use your bookmark.
- Do not click on links in emails with special offers.
- Be aware of permissions the site is requesting, is it relevant to what’s required?
- Watch out for alerts via email or text that you just received a package from FedEx, UPS or DPD, and then asks you for some personal information. Don’t enter anything.
- Don’t download fake mobile apps that promise big shopping savings.
- Be very wary of online discount coupons. Don’t input your details unless you trust the site’s official web address & be restrictive with your data.
- Ensure the site is ‘https’, security protected.
- Only use Credit Cards online, instead of Debit Cards & if possible, only use credit card information saved in your online shopping account to avoid being intercepted by Magecart.