Black Friday & Cyber ​​Monday | A guide to avoiding cyber scams

As the virtual doors of e-commerce open for a weekend punctuated by Black Friday and Cyber ​​Monday deals and discounts, the bustling online marketplace offers many opportunities for phishing attacks, email scams , harmful websites and more . Even vigilant shoppers are more vulnerable this time of year because it's prime time for credit card fraud and identity theft, adding another layer of risk.

For businesses, the holiday season means security teams must increase their vigilance in an effort to thwart fraudsters and protect both the business and customers.

This blog post delves into the most common cyber threats that emerge during the holiday rush and provides helpful tips to help shoppers and businesses alike ensure a safe and secure holiday online experience.

Holiday-based threats in the e-commerce landscape

Ahead of Christmas, the authorities are already warning keen bargain hunters about the risks of shopping online.

National Cyber ​​Security Center (NCSC), part of Britain's intelligence service, warned that cybercriminals this year could take advantage AI technology to create more convincing scam content, malicious ads and fake websites.

In the same way has Canadian RCMP also sent out cybersecurity tips for a safer holiday season, and offers ways people can protect their personal and financial information when shopping online.

FBI and CISA released a cybersecurity advisory this year urging businesses to be vigilant against the rise in ransomware campaigns occurring during holidays and long weekends when offices are typically closed or operating with a leaner workforce. Threat actors continue to take advantage of widely celebrated holidays to gain an edge when it comes to carrying out high-impact attacks.

Top scams to watch out for this cyber week

Cyber ​​Week, the shopping period consisting of Thanksgiving, Black Friday, Small Business Saturday and Cyber ​​Monday, broke e-commerce records last year. On Cyber ​​Monday alone, consumers drove 11.3 billion dollars in online sales and a whopping $35.3 billion in total for the entire holiday season. According to reports, mobile shopping, buy-now-pay-later incentives, curbside pickup and discounts in the face of rising global inflation contributed to skyrocketing shopping prices.

While online retailers continue to make bank during Cyber ​​Week, businesses and shoppers alike are increasingly affected by cyber attackers as they all await the biggest online shopping events of the year. Here are the most commonly used threat tactics and how to protect against them.

Email scams and social engineering

Email Phishing Scams is a widespread threat, involving deceptive messages that appear as legitimate promotional offers or urgent messages. These are designed to trick recipients into revealing sensitive information or tempt them into downloading malware. Social engineering plays a crucial role and manipulates shoppers into revealing personal details or clicking on malicious links.

Email scams often involve gift card scams with fraudsters forcing victims to buy gift cards under the guise of solving problems and then making off with the money. Fake order confirmations are also common during the holiday season, often including convincing logos and graphics to trick shoppers into clicking malicious links and thinking they're contacting customer support to dispute the nonexistent purchase.

Social media platforms are also breeding grounds for scams during Cyber ​​Week, with fake ads, pyramid schemes disguised such as gift exchange games and too-good-to-be-true offers that lead users to fake websites.

How to stay safe

To protect oneself against these threats, vigilance and good cyber hygiene are a prerequisite:

• Work with caution by default – Verify incoming emails and messages and avoid clicking on suspicious links. Check that the sender's email address is correct, look for official branding and be aware of the tone of the message.
• Don't rush to respond – Scammers like to send fake confirmations of expensive goods or services, or claim that the recipient has been or will be charged for something they never ordered. The trick is to instill a sense of urgency and encourage the intended victim to click on a malicious link. For any unexpected communication involving any form of payment due or coming, verify its legitimacy through official channels rather than relying solely on emails.
• Beware of Gift Card Scams – When confronted with requests for gift card purchases, verify the request through a trusted source.
• Inform and stay informed – Knowledge is power, and in a connected world we are all part of the solution. Stay up-to-date with state and local government blogs and social media accounts, which often post warnings and spikes and share with others. The more people are aware of scams, the less successful they are.
• Report suspicious activity – If you believe you may have been the victim of a scam, it is important to both report it to the relevant authorities and organizations such as your employer or your bank and to act quickly. Reset password if necessary and activate multi-factor authentication (MFA).

Counterfeit websites, malvertising and e-skimming

Major Cyber ​​Week discounts create an excellent hunting ground for threat actors using sophisticated techniques such as fake websites, malvertising and e-skimming to exploit unsuspecting shoppers.

Counterfeit websites impersonate legitimate online retailers, leading users to unwittingly share personal and financial information. Malvertising infiltrates legitimate ad networks, places malicious ads on seemingly trustworthy websites, and compromises the user's device upon interaction. E-skimming involves the malicious injection of code into online payment forms, allowing cybercriminals to intercept and steal sensitive payment information during transactions.

How to stay safe

To protect against these threats:

• Double Check URLs – Does that URL look correct? Check if it is legitimate and make sure the URLs match the official domain of the retailer.
• Make sure a vendor has secure payment methods in place – Don't enter personal or financial information into web forms that aren't clearly secure. Check that the website URL is prefixed with “HTTPS” and look for trust or security marks, including those from SSL certificate providers and payment processors. In addition, reputable online providers usually offer a variety of secure payment options. Look for familiar and trusted payment methods such as credit cards, PayPal or other well-known processors.
• Consider payment options carefully – Use credit card or prepaid credit– or payment card to buy goods. Avoid paying by bank transfer as funds sent this way are non-refundable.
• Block Spam – Install reputable ad blockers to reduce the risk of malvertising and block potentially harmful ads.

Credit card and identity fraud

Threat actors take advantage of the hustle and bustle of the holiday season to steal credit card details and digital identities. Credit card fraud involves the unauthorized use of credit card information for unauthorized transactions, often through compromised online platforms. Identity fraud, on the other hand, involves the theft of personal information to impersonate individuals for fraudulent activities.

Magecart malware , for example, is a malicious script that infiltrates and compromises e-commerce websites to collect sensitive information , mainly credit card details and other personal information.

Malware intercepts and captures user input, such as credit card information entered during online transactions, without the knowledge of the website owner or unsuspecting users. The collected information is then exfiltrated to remote servers controlled by cybercriminals, who can exploit it for various fraudulent activities, including unauthorized transactions and identity theft.

How to stay safe

To protect against credit cards and identify fraud:

• Use secure and reputable payment methods – Prepaid credit cards, gift cards or gift cards, PayPal, Apple Pay, Google Pay or Amazon Pay reduce the need to share bank details directly when making online purchases.
• Use reseller apps where available - Many reputable retailers have their own apps that allow users to shop and pay directly through the mobile app.
• Monitor bank statements regularly – Pay attention to suspicious transactions and set up transaction alerts that can help you detect unauthorized activity early.
• Be careful about sharing personal information – Only provide personal information to trusted and verified sources.
• Implement strong, unique passwords – never reuse passwords and use a password manager to test password strength. Make sure that passwords are not simple variations of common phrases .
• Develop situational awareness – Refrain from using public Wi-Fi for financial transactions or typing sensitive passwords in public places, such as cafes, bars and restaurants that may be overlooked by CCTV.

Protect online shoppers | What e-tailers can do

As the digital marketplace intensifies during events like Black Friday or Cyber ​​Monday, e-commerce merchants will try to strengthen their websites and improve their cyber security posture to ensure the safety of their online shoppers. Although security measures are a year-round endeavor, business leaders and security teams can use the following checklist to perform a routine check of their systems before the holiday rush.

• Ensure data security – Robust encryption protocols, such as Transport Layer Security (TLS), Perfect Forward Secrecy (PFS) or HTTP Strict Transport Security (HSTS), help secure data transmitted between users and the website.
• Scan and respond – Threat actors change tactics frequently and quickly, and new software bugs are quickly exploited. Regular security audits and vulnerability assessments can identify and correct potential weaknesses in the site's infrastructure, blocking potential entry points for cyber attackers.
• Leverage modern defenses – e-commerce companies should invest in advanced firewalls, intrusion detection systems (IDS) and monitoring solutions to detect and prevent unauthorized access or malicious activities.
• “Fix early, patch often” is still good advice – Keeping software, plugins and third-party integrations up-to-date is critical to minimizing the risk of cyber threat exploitation.
• Develop a culture of awareness – Regular training of employees if cybersecurity best practices, including recognizing and avoiding phishing attempts, contribute to a more vigilant workforce.
• Guard the craftsman's entrance – Know and monitor third-party providers carefully, ensure they adhere to strict safety standards and are also ready for the holiday season.
• Prepare for the Rush – Ahead of the sales season, load testing and performance monitoring are essential to ensure the website can handle increased traffic without compromising security.
• Knows how to react – A robust incident response plan (IRP) should also be in place, outlining the containment measures and communication plans to be followed in the event of a breach.

Conclusion

From email scams and social engineering to fake websites and malvertising, the e-commerce landscape is full of potential threats, especially during the most festive time of the year. The increase in online activity, especially during Cyber ​​Week, attracts not only eager shoppers but also opportunistic cyber threat actors who seek to exploit the increase in traffic.

For businesses, strengthening endpoint security means implementing advanced detection and monitoring solutions, regular software updates and enforcement of strict access controls . Protecting sensitive data requires extensive identity security measures , including MFA and user behavior analysis.

Shoppers also play a critical role in their own online safety. Using secure and updated devices, being wary of phishing attempts and ensuring secure connections during transactions are essential for the upcoming long weekend. Adopting strong, unique passwords for each online account and enabling MFA adds an extra layer of defense against unauthorized access. Regularly monitoring bank statements for suspicious transactions is a proactive step that can help detect and mitigate potential fraud.