Security professionals explain Black Friday best practices for consumers and businesses
Consumers must make sure they do not fall victim to fraudulent discount vouchers or counterfeit retailer websites.
Strong Black Friday and Cyber Monday sales crush the fear of a retail apocalypse, but not the worries about cyber security
The holiday season starts at a record level, but analysts remind consumers to play it safe online.
Black Friday has quickly become the most lucrative day of the year for retailers around the world thanks to America’s growing obsession with shopping after Thanksgiving.
The figures for the days around Black Friday last year are striking. Retailers took in $6.22 billion in online sales on Black Friday and another $7.8 billion on Cyber Monday. Americans have become so eager that the spending now starts on Thanksgiving Thursday, with more than $3.7 billion in revenue last year, an increase of 28% over 2017 according to CNBC.
For some companies, the single day can now represent up to 30% of their annual sales.
These astonishing figures coincide with a sharp increase in cyber attacks, breaches and monetary losses caused by hackers targeting Black Friday and its consumers.
Last year, Amazon shoppers reported that they had been hacked hours before Black Friday began, and this year Macy’s had to send a letter to affected customers admitting to a devastating hack that gave criminals access to thousands of credit card numbers.
To help protect consumers and businesses from hacks, TechRepublic spoke to security researchers about best practices that people and businesses can use to stay safe while shopping on Black Friday.
Cyber security company SiteLock published a detailed investigation into the Black Friday security landscape and asked consumers how they feel ahead of the shopping holiday. Nearly 70% of consumers said they were concerned about their personal information being stolen as a result of online shopping, and about 40% said they were unlikely to shop at large, well-known online retailers or smaller, less well-known online retailers if their information was compromised through them.
In an interview, the author of the report, SiteLock channel and product specialist Monique Becenti, said that breaches, especially during high-revenue holidays such as Black Friday, are particularly costly for companies and should be prevented through proactive measures.
“Holiday breaches can cause downtime or reputation damage, which can cause a huge dent in seasonal sales and a company’s profit. Although both large and small brands run the risk of attacks affecting holiday sales, an infringement may occur a small online retailer because these companies typically have smaller budgets and fewer resources to protect themselves,” she said.
It is also a dangerous time for consumers because of the flood of fake websites and scams that go together with coupons and sales announcements.
“There are huge opportunities to steal things during the holidays through malicious coupon links, email marketing scams and gift card scams,” Becenti said. “Black Friday is the biggest shopping day of the year and criminals usually use these types of roads to benefit from personal identification.”
According to Becenti, her research showed that many cyber criminals created fake websites that appeared to be connected to real brands, with fake coupons or forms that asked for consumer information in exchange for discounts. Another major concern was fake apps, which are easy to find in most app stores, that offered fraudulent coupons or dubious e-commerce portals.
Any deal that seems too good to be true probably is, and consumers need to check every link they click. Every link clicked in an email must be checked again in a browser to make sure that it does not come from a website that merely imitates a brand name, according to Becenti. People need to look for SSL certificates on websites to check whether they are legitimate.
In her report and in her research, she said she found that many people were hacked while shopping on their smartphones over public Wi-Fi networks. When consumers shop outside their home, and even when they are inside, they must use VPN services to encrypt their internet connection.
Charity Wright, cyber threat information adviser at security company IntSights, published an in-depth report on the Black Friday threat landscape on November 14, which found that organized retail crime now costs retailers an estimated $30 billion a year.
She discovered an emerging Dark Web underground community that is pooling its efforts to target retailers while perfecting point-of-sale malware, deceptive web apps and e-commerce ransomware.
Her report, “Cyber (Attack) Monday: Hackers focus on retail as e-commerce flourishes,” says retailers have spent millions building flashy e-commerce websites but have neglected to invest adequately in advanced security protocols, making retail one of the most vulnerable industries for cyber attacks.
“The most common type of attack, according to a survey by our customers, is carding – especially transactions where the card is not present. They have reported that it is one of the most challenging attack areas they are trying to tackle,” she said. “There have been some improvements, especially with the credit card chips and tokens, but they are still struggling to figure out where these attacks begin and where they come from.”
According to her report, threat actors used tactics such as carding, where stolen credit card numbers are used to purchase prepaid gift cards, as well as point-of-sale malware, vulnerabilities of web applications and more.
Both Wright and Becenti said that companies must perform full, head-to-toe audits of their security infrastructure to close off entry points that criminals can use to break into systems. They must migrate data to a secure infrastructure and encrypt point-of-sale systems, card systems and processors.
But one of the problems during high-volume periods such as Black Friday is that cyber criminals know it is difficult for card issuers and retailers to distinguish between legitimate and fraudulent purchases or accounts during the e-commerce flood. Cyber criminals have also made it a habit to wait about 18 months before using stolen log-in data, which means a breach can have long-term consequences.
“There’s a lot going on right now in criminal underground forums related to retail. Threat actors are organizing attacks, selling retail products and gift cards on dark web forums, and retailers need to have visibility on that space,” Wright said.
“To stop what’s going on and also be proactive and understand what threat actors do, you need to understand malware and the community that uses it,” she added. “All this information is available on those forums and markets.”