How can we stay safe during Black Friday shopping?

Many of us eagerly await the annual Black Friday offers to get a good deal on holiday presents (or gifts to self!). Unfortunately, Black Friday is also a great opportunity for cybercriminals looking to scam customers out of hard-earned money and valuable personal data.

The Black Friday weekend, which runs from Thanksgiving Thursday through to Cyber Monday, typically brings in billions of dollars’ worth of sales. For example, the National Retail Federation (NRF) predicts that the 2019 Black Friday holiday period will see an increase in sales of between 3.8 percent and 4.2 percent over the 2018 period.

Year-on-year sales increases also result in year-on-year increases in fraud. Black Friday offers the cybercriminal ample opportunity to commit fraud. Much of this uptick in cybercrime and sales can be attributed to the move to a more online channel preference for purchases. In 2018, a whooping 67% of purchases were made via a mobile channel, according to SalesForce. In addition, social media was widely used by consumers to check out products and promote purchases made.

As we enter the Black Friday and the wider holiday season, what kind of cybercrime should we watch out for and how can we protect ourselves and our customers against it?

.

Phishing on Black Friday

Phishing is still the number one tactic used by cybercriminals to steal data, login credentials, and financial information.

►► Related Post: Phishing: 3 Methods to Protect Yourself from Cyber Fraud

In 2018, phishing emails and messaging app-based phishing were extensively used to con shoppers. WhatsApp, for example, was used by fraudsters to phish shoppers over the Black Friday period of 2018. This year, WhatsApp has added a new feature in the form of their Business WhatsApp, allowing companies to create a shopfront on the app. Fraudsters may well use this WhatsApp connection during Black Friday to create new phishing campaigns that look even more legitimate.

One of the reasons that phishing campaigns are so successful is because they use human behavior to enable the scam. Social engineering is a technique used in phishing to encourage users to carry out actions that result in stolen data and/or malware infections.  Black Friday scams are keen advocates of social engineering.

.

Signs of a Possible Black Friday Shopping Scam

1. An email or mobile app message with an offer that is too good to miss! One 2018 WhatsApp phishing campaign included an offer for 99% off purchases.
2. Use of legitimate brands to trick shoppers: Fraudsters often use well-known brands such as Amazon or Walgreens to disguise their malicious emails. They will use the brand to make the amazing offers mentioned above to add a degree of legitimacy to the email or message.
3. Social links to Black Friday deals that are spoofs are increasingly being used to trick shoppers. They may offer money-off vouchers, for example, enabled by clicking a link. The link will invariably be malicious and go to a spoof site that will attempt to harvest data or even infect a computer with malware.

.

Tips for Consumers to Stay Safe During Black Friday Shopping

There are a number of basic security hygiene methods that customers can use to stay safe this Black Friday holiday.

1.    Verify If Your Connection is Secure

Customers should check that a shopping site uses secure connections. A URL that begins with HTTPS is a good starting point.

Also, customers should check whether the URL makes sense. For example, if they are navigating to an Amazon.com site, they should check it really is Amazon.com and not a spoof URL, e.g. Amason.com or Anazon.com. Fraudsters often swap out one or two letters in a URL to trick users.

.

2.    Become Familiar with Common Scams

Of phishing and other social engineering scams. Shoppers should try to be aware of the typical phishing tricks used by fraudsters.

.

3.    Use Bank Protection

Some types of financial cards offer cover if money is lost in a fraudulent transaction.

.

4.    Use a Safe Wi-Fi Network

Be careful using free Wi-Fi to make purchases. Wherever possible, use a secure Wi-Fi connection and/or a Virtual Private Network (VPN) to login to accounts and make online payments.

.

5.    Be Wary of Mobile Apps

Fake shopping apps are being used to trick shoppers into handing over money for fake purchases.

.

What Can Retailers Do to Help Customers Stay Safe During Black Friday Shopping?

Retailers also play a large part in ensuring their customers are safe from Black Friday shopping scams. These tips help your business to offer a robust and secure Black Friday shopping experience:

1. Support options such as the new PSD2 rules on secure authentication (SCA) and 3D Secure. This requires the entry of a credential to initiate a payment during a transaction. This effectively adds another layer of security to a payment process.
2. Use communication encryption (HTTPS) across your website correctly and wherever there is any data capture.
3. Avoid the use of links in emails; instead always encourage customers to navigate directly to your site.
4. Ensure your site protects against the OWASP top ten security issues for web applications and check your site for malware infection regularly.
5. Follow good data privacy practices as outlined in the EU’s General Data Protection Regulation (GDPR) and Canada’s PIPEDA.

.

Conclusion

Black Friday and Cyber Monday are a great excuse to spend money on family and friends in readiness for the holiday season. Unfortunately, cybercriminals also see this season as an opportunity to defraud customers. By following robust security practices, the impact of cybercrime can be minimized, and Black Friday shopping can be enjoyed by all.

To learn more about effective security habits, download our infographic “Top 10 Security Tips”.