With Black Friday just days away and Cyber Monday quickly approaching, experts are warning retailers to remain weary ahead of a forecast spike in cyber-crime.
An emerging raft of cyber threats are making both retailers and consumers vulnerable to cyber-attacks that could cost millions, and retailers and consumers are the most vulnerable to these threats during sales like Black Friday and Cyber Monday, experts say.
Garrett O’Hara, Principal Technical Consultant, Mimecast said that cybercriminals look to take advantage of consumers’ lowered attentiveness during these busy sale periods.
“Seasonal sale periods like Black Friday, Cyber Monday, and Click Frenzy create the perfect storm for cybercriminals, with ‘click happy’ consumers far more likely to fall prey to social engineering and brandjacking-style cyber-attacks. They are doing three things that make them vulnerable: buying from commonly brandjacked companies, waiting for shipping company delivery emails and hunting for bargains,” he says.
Nick FitzGerald, senior research fellow, ESET, also warned consumers and retailers to be on high alert ahead of these sales.
“Everyone loves a bargain, especially in the lead-up to Christmas. It’s times like these, however, that hackers pay extra attention to payment details and shopping activity moving through networks.”
“Online shoppers need to exercise caution at all times of the year. However, with Cyber Monday and Christmas around the corner, consumers should become hypervigilant online, so as to avoid scams, threats, and risks which could easily derail fun shopping experiences.”
And retailers should also be advising consumers of these cyber risks, Mr O’Hara says.
“For retailers, it’s worth advising current and prospective customers to be on high alert. Highlighting the correct email address to expect notifications from is a simple and effective way to help customers avoid falling victim to cyberattacks.”
Five threats to know about and how to tackle them
These are the top five threats that shoppers and retailers need to be aware of and the best ways to tackle them, according to Mr Fitzgerald
Phishing attacks usually appear in consumers’ email inboxes, although SMS phishing (aka, “smishing”), and in-app messaging spam is also used, Mr Fitzgerald said. These attacks often target bank account or credit card details, he said.
“These messages lead recipients to fake retailer websites, or to non-existent items for sale. Phishing emails are common and dangerous.”
“If consumers receive shopping suggestions and emails from unknown addresses, it’s best to avoid making any payment, and ideally, block the sender. Consumers should remain very wary of bargains that seem too good to be true.”
2. Avoid shopping from mobile phones
As online purchases continue to grow, consumers need to be careful about storing personal data on their smartphones, Mr Fitzgerald says.
“The rising popularity of smartphones as a purchasing platform is problematic, according to ESET, due to the large amount of personal information, banking and finance apps, and contact details people store in their personal devices. Additionally, it’s less likely consumers have malware protection on their personal devices compared to their desktops and laptops.”
Consumers should try to purchase products on their desktops where possible, Mr Fitzgerald says.
3. Use trusted networks and secure shopping sites.
Shopping through secure networks is also critical, Mr Fitzgerald says.
“Payment details transmitted across unsecured networks to unencrypted websites can end up in the wrong hands. While shoppers might enjoy connecting to their local café’s Wi-Fi and perusing online sales, open and public networks like these can harbour malicious actors and are easily eavesdropped,” he says.
“Consumers can see if shopping sites are encrypted by checking if website URLs begin with “https” instead of “http”. “https” URLs indicate a site is encrypted, and will keep data secure as it passes from browsers to the site’s server.”
4. Steer clear of pop-ups.
Avoiding clicking on pop-up ads is also a good way to safeguard yourself against a cyber attack.
“Many consumers browsing for online bargains fall prey to enticing pop-up ads. If unprovoked windows, images, or pop-ups appear while shopping online, it’s vital shoppers avoid clicking on them and, ideally, close all open browser windows to eliminate cyberthreats,” Mr Fitzgerald says.
5. Avoid oversharing.
Being careful about sharing your purchases and spending on social media is also important.
“Consumers who share updates about their spending and purchase patterns on social media are likely to catch the attention of malicious actors. The more information consumers share online, the more information hackers have about their personal spending preferences, the brands and shopping websites they frequent, and the times of day they shop,” Mr Fitzgerald says.
“Consumers should keep as much purchase information as they can private, even if these details seem innocent and innocuous.”
Other ways to reduce your risk
It is particularly crucial that shoppers and retailers are vigilant about suspicious emails, according to Mr O’Hara.
“To avoid the risk of getting more than you bargained for, stop and assess each email before you click. Being vigilant could save you a lot of time and hassle,” he said.
“Clicking on an email attachment that is disguised as an order confirmation, re-entering credit card and delivery details in response to a fake payment failure email, or simply clicking on a link that showcases the latest bargain from your favourite brand can start a chain of events that can lead to financial loss, theft of personal information, harassment, or worse.”
Shoppers should also be careful to ensure content is legitimate in the checkout process.
“Before online shoppers click ‘purchase’, they should check that the contents and origins of their shopping carts are legitimate, and protect themselves against potential cyberthreats.”