
Black Friday & Cyber Monday | A Guide to Avoiding Cyber Scams


As the virtual doors of e-commerce open for a weekend bookended by Black Friday and Cyber Monday deals and discounts, the bustling online marketplace offers plenty of opportunities for phishing attacks, email scams, malicious websites and more. Even vigilant shoppers are more vulnerable during this time of year because it's a prime time for credit card fraud and identity theft, adding another layer of risk.

For businesses, the holiday season means security teams must increase their vigilance in an effort to thwart fraudsters and protect both the company and customers.

This blog post delves into the most common cyber threats that emerge during the holiday rush and provides useful tips to help both shoppers and businesses ensure a safe and secure holiday online experience.


Holiday-based threats in the e-commerce landscape

Ahead of Christmas, authorities are already warning eager bargain hunters about the risks of shopping online.

The National Cyber Security Centre (NCSC), part of the UK's intelligence service, warned that this year cybercriminals could exploit AI technology to create more convincing scam content, malicious ads, and fake websites.

Similarly, Canada's RCMP has also sent out cybersecurity tips for a safer holiday season, offering ways people can protect their personal and financial information when shopping online.

The FBI and CISA released a cybersecurity advisory this year urging businesses to be vigilant against the increase in ransomware campaigns occurring during holidays and long weekends when offices are typically closed or operating with a smaller workforce. Threat actors continue to take advantage of widely celebrated holidays to gain a head start in carrying out high-impact attacks.


Top scams to watch out for this Cyber Week

Cyber Week, the shopping period consisting of Thanksgiving, Black Friday, Small Business Saturday, and Cyber Monday, broke e-commerce records last year. On Cyber Monday alone, consumers drove $11.3 billion in online sales and a whopping $35.3 billion in total for the entire holiday season. Mobile shopping, buy-now-pay-later incentives, curbside pickup and discounts in response to rising global inflation reportedly contributed to the skyrocketing shopping prices.

As online retailers continue to make money during Cyber Week, businesses and shoppers alike are increasingly being targeted by cyberattackers who are all anticipating the biggest online shopping event of the year. Here are the most commonly used threat tactics and how to protect yourself from them.

Email scams and social engineering

Phishing email scams are a widespread threat, involving deceptive messages disguised as legitimate promotional offers or urgent messages. These are designed to trick recipients into revealing sensitive information or tempt them into downloading malicious software. Social engineering plays a crucial role and manipulates shoppers into revealing personal details or clicking on malicious links.

Email scams often involve gift card scams, with scammers pressuring victims to purchase gift cards under the guise of solving problems and then making off with the money. Fake order confirmations are also common during the holiday season, often including convincing logos and graphics to trick shoppers into clicking on malicious links and believing they are contacting customer support to dispute the nonexistent purchase.

Social media platforms are also breeding grounds for scams during Cyber Week, with fake ads, pyramid schemes disguised as gift exchange games, and too-good-to-be-true offers leading users to fake websites.

How to stay safe

To protect yourself against these threats, vigilance and good cyber hygiene are a prerequisite:

  • Be cautious by default – Verify incoming emails and messages and avoid clicking on suspicious links. Check that the sender’s email address is correct, look for official branding, and be aware of the tone of the message.
  • Don’t rush to respond – Scammers like to send fake confirmations of expensive goods or services, or claim that the recipient has been or will be charged for something they never ordered. The trick is to instill a sense of urgency and encourage the intended victim to click on a malicious link. For any unexpected communication that implies some form of payment is due or coming, verify its legitimacy through official channels rather than relying solely on emails.
  • Beware of gift card scams – When confronted with requests for gift card purchases, verify the request through a trusted source.
  • Inform and stay informed – Knowledge is power, and in a connected world, we are all part of the solution. Stay up to date with blogs and social media accounts from state and local governments, which often post warnings and tips and share them with others. The more people are aware of scams, the less successful they are.
  • Report suspicious activity – If you think you may have been the victim of a scam, it is important to both report it to the relevant authorities and organizations such as your employer or bank and to act quickly. Reset your password if necessary and activate multi-factor authentication (MFA).

Spoofed websites, malvertising and email skimming

Major Cyber Week discounts create an excellent hunting ground for threat actors who use sophisticated techniques such as fake websites, malvertising and email skimming to exploit unsuspecting shoppers.

Counterfeit websites mimic legitimate online retailers, leading to users unknowingly sharing personal and financial information. Malvertising infiltrates legitimate ad networks, places malicious ads on seemingly trustworthy websites, and compromises the user's device upon interaction. E-skimming involves the injection of malicious code into online payment forms, allowing cybercriminals to intercept and steal sensitive payment information during transactions.

How to stay safe

To protect against these threats:

  • Double-check URLs – Does that URL look correct? Check if it’s legitimate and make sure the URLs match the retailer’s official domain.
  • Make sure a vendor has secure payment methods in place – Don’t enter personal or financial information into web forms that aren’t clearly secure. Check that the website URL has the prefix “HTTPS” and look for trust marks or security badges, including those from SSL certificate providers and payment processors. Additionally, reputable online vendors typically offer a variety of secure payment options. Look for familiar and trusted payment methods such as credit cards, PayPal, or other well-known processors.
  • Consider payment options carefully – Use a credit card, or a prepaid credit or debit card, to purchase goods. Avoid paying via bank transfer as money sent this way cannot be recovered.
  • Block spam – Install reputable ad blockers to reduce the risks of malvertising and block potentially harmful ads.
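
The URL check from the list above, as an added Python example that is not part of the original article. It assumes a hypothetical retailer whose official domain is `shop.example` and a hypothetical helper `check_url`, and it also rejects the `user@host` and look-alike-letter tricks that make a spoofed address seem right at a glance.

```python
from urllib.parse import urlsplit

# Assumption: the retailer's official domain (placeholder, not a real shop).
OFFICIAL_DOMAINS = {"shop.example"}


def check_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link a shopper is about to follow."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # In https://shop.example@pay.test/ the real host is pay.test.
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    try:
        # IDNA-encode so look-alike Unicode letters show up as xn-- labels.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "host is not a valid domain name"
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return False, "punycode label, possible look-alike domain"
    for domain in official:
        # Exact match or a true subdomain; "notshop.example" does not pass.
        if ascii_host == domain or ascii_host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host %s is not an official domain" % ascii_host
```

A retailer that legitimately uses internationalised domain names would need to add their punycode forms to the allowlist rather than drop the `xn--` check.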

Credit card and identity fraud

Threat actors are taking advantage of the hustle and bustle of the holiday season to steal credit card information and digital identities. Credit card fraud involves the use of credit card information for unauthorized transactions, often through compromised online platforms. Identity fraud, on the other hand, involves the theft of personal information to impersonate individuals for fraudulent activities.

Magecart malware, for example, is a malicious script that infiltrates and compromises e-commerce websites to collect sensitive information, mainly credit card details and other personal information.

The malware intercepts and captures user input, such as credit card information entered during online transactions, without the knowledge of the website owner or unsuspecting users. The collected information is then exfiltrated to remote servers controlled by cybercriminals, who can exploit it for various fraudulent activities, including unauthorized transactions and identity theft.
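
For retailers, one way to notice the kind of injected script described above is to inventory every script the checkout page loads and compare it with what is expected. The following Python is an added example, not code from the article; the allowlisted hosts, the sample page and the names `ScriptInventory` and `audit_checkout` are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for the constructed page below: hosts allowed to serve scripts.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.payments.example"}
# Constructed checkout page, not taken from any real site.
SAMPLE_PAGE = """<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3.js"></script>
<script src="https://cdn-analytics.test/t.js"></script>
<script>initCheckout();</script>"""


class ScriptInventory(HTMLParser):
    """Record src, integrity and inline body of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append({"src": a.get("src"), "sri": a.get("integrity"), "body": ""})
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False


def audit_checkout(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (finding, detail) pairs for scripts that need review."""
    inventory = ScriptInventory()
    inventory.feed(html)
    findings = []
    for s in inventory.scripts:
        if s["src"] is None:
            if s["body"].strip():  # inline code is not covered by a host allowlist
                findings.append(("inline-script", s["body"].strip()[:40]))
            continue
        host = urlsplit(s["src"]).hostname or page_host  # relative src: same host
        if host not in allowed:
            findings.append(("unlisted-host", host))
        elif host != page_host and not s["sri"]:
            findings.append(("third-party-without-sri", host))
    return findings
```

Calling `audit_checkout(SAMPLE_PAGE, "shop.example")` flags the payment script loaded without an `integrity` attribute, the script from a host that is not on the allowlist, and the inline script.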

How to stay safe

To protect against credit card and identity fraud:

  • Use secure and reputable payment methods – Prepaid credit cards, gift cards or vouchers, PayPal, Apple Pay, Google Pay or Amazon Pay reduce the need to share banking details directly when making online purchases.
  • Use retailer apps where available – Many reputable retailers have their own apps that allow users to shop and pay directly via the mobile app.
  • Monitor bank statements regularly – Be aware of suspicious transactions and set up transaction alerts that can help you detect unauthorized activity early.
  • Be careful about sharing personal information – Only give personal information to trusted and verified sources.
  • Implement strong, unique passwords – Never reuse passwords and use a password manager to test password strength. Make sure passwords are not simple variations of common phrases.
  • Develop situational awareness – Refrain from using public Wi-Fi for financial transactions or typing sensitive passwords in public places, such as cafes, bars and restaurants that may be overlooked by CCTV.

Protecting Online Shoppers | What E-Retailers Can Do

As the digital marketplace intensifies during events like Black Friday or Cyber Monday, e-commerce retailers will look to strengthen their websites and improve their cybersecurity posture to ensure the safety of their online shoppers. While security measures are a year-round endeavor, business leaders and security teams can use the following checklist to conduct a routine check of their systems ahead of the holiday rush.

  • Ensure data security – Robust encryption protocols, such as Transport Layer Security (TLS), Perfect Forward Secrecy (PFS), or HTTP Strict Transport Security (HSTS), help secure data transmitted between users and the website.
  • Review and respond – Threat actors change tactics frequently and quickly, and new software bugs are quickly exploited. Regular security audits and vulnerability assessments can identify and correct potential weaknesses in your website’s infrastructure, blocking potential entry points for cyberattackers.
  • Leverage modern defenses – E-commerce businesses should invest in advanced firewalls, intrusion detection systems (IDS), and monitoring solutions to detect and prevent unauthorized access or malicious activities.
  • “Patch early, patch often” is still good advice – Keeping software, plugins, and third-party integrations up to date is crucial to minimizing the risk of exploitation.
  • Develop a culture of awareness – Regular employee training about cybersecurity best practices, including recognizing and avoiding phishing attempts, contributes to a more vigilant workforce.
  • Guard the tradesman's entrance – Know and monitor third-party vendors carefully, making sure they adhere to strict security standards and are also ready for the holiday season.
  • Prepare for the rush – Ahead of the sales season, load testing and performance monitoring are essential to ensure your website can handle increased traffic without compromising security.
  • Know how to react – A robust incident response plan (IRP) should also be in place, outlining the containment measures and communication plans to be followed in the event of a breach.

Conclusion

From email scams and social engineering to fake websites and malvertising, the e-commerce landscape is full of potential threats, especially during the most festive time of the year. The surge in online activity, especially during Cyber Week, attracts not only eager shoppers but also opportunistic cyber threat actors who seek to exploit the surge in traffic.

For enterprises, strengthening endpoint security means implementing advanced detection and monitoring solutions, regular software updates and maintaining strict access controls. Protecting sensitive data requires extensive identity security measures, including MFA and user behavior analysis.

Shoppers also play a crucial role in their own online security. Using secure and updated devices, being wary of phishing attempts and ensuring secure connections during transactions are crucial for the upcoming long weekend. Adopting strong, unique passwords for each online account and enabling MFA adds an extra layer of defense against unauthorized access. Regularly monitoring bank statements for suspicious transactions is a proactive step that can help detect and mitigate potential fraud.
