The end of November marks the magical time of year when we start to enter the Christmas period. It also marks one of the busiest times of the year for e-commerce, with frantic online shoppers rushing to get the best deals during Black Friday weekend.
Unfortunately, hackers have cottoned onto this and see this as an opportune moment to wreak havoc and gain financially.
Attacks on retail sites surged 34% last year, so retailers and shoppers alike are warned to be extra cautious these coming weeks over Black Friday and the Christmas period when hackers may well take advantage of panic present buying.
Phishing still takes the top spot when it comes to cyber attacks and is often a popular technique used on shoppers. You can expect to have a much fuller inbox and junk folder during the month of November-January.
Common phishing scenarios can include:
This email is not unfamiliar and usually comes when first signing up to something when the application wants to confirm you are who you say you are. However, you’ll occasionally be asked to verify account details if there’s been an issue with your account, for example, a suspicious login. Hackers often send an email disguised as this, using the same branding as a platform or website you have an account with.
It’s always a good idea to be cautious with any email requesting action, especially one that refers to payment or bank details. Hackers will usually mask themselves as a trustworthy sender and the payment link you click on may look exactly like you’d expect an Amazon webpage to look like. While you may be concerned that if you don’t act quickly you could lose out on your Black Friday purchase, always go through the website itself - it’ll be clear quite quickly if there’s actually a problem with your payment information!
Not something you want to see when you’ve just got a great Black Friday deal. The message may not even tell you what the order is without clicking on the link, but even if it does, it’ll likely not be something you recognise, which can cause a panic. Social engineering scams like this are designed to play on our emotions, stirring us into action.
Similarly, you might get a message regarding a delivery you didn’t arrange. Confused and concerned, you might end up clicking on the link where you could be asked to confirm your personal details so the delivery can be tracked. Of course, this is actually a bad actor looking to harvest your data.
Ever scoured the first few entries of a product review section and thought ‘I have to have this!’. Well, chances are, those reviews may not even be real. Bot reviews are particularly common around Black Friday but these are generally easy to spot with their awkward turns of phrase and overloaded jargon.
The ones you’ve got to watch out for are those written by humans that essentially have been rewarded for giving a fake complimentary review of a product or service. Where possible, it can be a good idea to see if the product you’re interested in is available on other sites and have a look at reviews there so you don’t accidentally make a purchase you’ll regret.
Whether it’s clicking on a malicious email or misspelling the retailer’s name in the address bar, you might find yourself on a spoofed website this Black Friday. This website might look like a retailer you love and you could be quickly drawn in by some great Black Friday deals being advertised.
But while urgency is encouraged during a sale, it’s not when it comes to cyber security. Make sure you’re on a legitimate website by checking the URL carefully, especially if you’ve come via an email. Some people even bookmark their favourite shopping sites over this period for ease of access and the reassurance that it’s the real deal.
You’ve probably all heard that story about a friend of a friend who bought something online that never showed. This is a common Black Friday scam to watch out for, where you might purchase a great deal and then never receive it in the post. Not only have you then given out your payment details but likely plenty of other personal information like names and delivery addresses.
The best way to avoid these scammers is to stick to the sites you know. If you’re purchasing from an individual seller on a site like Amazon or eBay, make sure there are reliable reviews before buying anything. Avoid sites that look overly flashy and gimmicky with fake reviews as these can often lead to non-delivery scams.
Wherever your online shopping takes you this holiday period, be on high alert for Black Friday scams and other common social engineering hacks targeted at unsuspecting shoppers. Check the sites you’re using, avoid clicking on emails from retailers (instead go straight to the source), and be wary with new retailers and sellers.
Happy (secure) shopping!