Black Friday welcomes millions of shoppers online for attractive deals from varied retail outlets. But while the celebration is remarkable for both retailers and shoppers, cybercriminals are also on the loop and targeting it for attacks. In other words, cybercriminals have modeled different approaches to target distinct retailers.
One of the most common scams involves the use of stolen credit cards to buy gift cards and/or items from selected retailers, including Best Buy, Walmart, Target, Nike, eBay, Samsung, and Dell. The criminals easily access carding tutorials for around $25 which has modules specific for the targeted retailers.
The risk may be troubling but doesn’t mean that completely avoiding Black Friday shopping bargains is promising. On our list are top six cybersecurity risks to look out for and how to stay secure.
1. Fake shopping websites
Criminals will definitely host fake websites to take advantage of the Black Friday shopping frenzy. You are not expecting the ghost website to look different from the real thing if the cybercriminals mean business. They set up a replica of the shopping website you’re familiar with, including the website address. By shopping on a fake website, you are freely giving away your credit card details, which the hacker can use to rinse your bank account.
Shoppers may use the wrong address by mistakenly typing a wrong web address such as typing in “Wolmart” for Walmart. You must look at the website address and ensure to see the padlock to establish that the website is secure.
2. Phishing attacks
Watch out for increased phishing attacks, mostly on emails. Shoppers are warned not to click links or open attachments that appear to be from trusted vendors. There is a high need to be careful of phishing attempts. Consumers are advised to go directly to a store’s website to check good deals they see on an email, and not to click on any provided link on the email.
Similarly, good deals posted on Facebook, Instagram, Twitter, etc should be treated like those received via email, regardless of the number of likes.
3. App spoofing
Be mindful of the shopping holiday apps you download, especially outside the Apple App Store and Google Play. Some apps will try to trick you into entering personal information and requires for permission to gain access to your device features and files. Shopping apps belonging to a retailer should state the developer accordingly.
Also, Cybercriminals use Black Friday themed apps to trick shoppers into entering personal data such as passwords, contact details, and credit card information. Some of these apps also available in legitimate app stores trick consumers into downloading malware. Always download shopping apps using links on the retailer’s website.
4. Banking malware attacks
Credential-stealing banking malware attacks are now on the increase unlike before. Banking Trojans before now target online financial transactions, but have moved further to hunt for online shopping related data. Cybercriminals take advantage of consumers using infected devices to conduct transactions. The Trojan simply intercepts data entered on a shop’s payment page and relay them to the criminals.
Shoppers are advised to regularly update their applications and operating system as soon as they become available. Ensure that the device for online shopping is secure and validate the integrity of retailer’s website before downloading or entering any data.
5. Malicious browser extensions
Another method commonly used by cybercriminals around Black Friday is the use of malicious browser extensions. Though people use extensions to improve their browsing experience, it’s a common loophole for Facebook account hijackers, cryptocurrency miners, spyware, malware, and other malicious extensions. The danger is not just having them installed but the authorization users grant extensions, including permission to save or modify data exchanged on websites.
6. Search engine infiltration
Search engine infiltration is not new but a potential threat on Black Friday. In that case, when a shopper searches for “best Black Friday deals,” for instance, they may see malicious links in the search results. The links are either leading shoppers to fake shopping websites or download malicious software, which could be for credential-stealing or phishing, to a device.
The fraudsters push false information to the top of interest search results using a technique referred to as SEO poisoning. Shoppers are advised to think before they click on links or share any sensitive information.