This week marks Black Friday 2024! As the popularity of this event has skyrocketed in recent years, so have the cyber risks involved in buying and selling products. In the second of two articles, we have gathered some insights from cybersecurity experts who have their say on Black Friday, from the threats faced by consumers and vendors, to the best practices advised to stay safe.

Tim Ward, CEO and Co-Founder of ThinkCyber Security:

“Black Friday, Cyber Monday, and the holiday season are some of the busiest times of the year for online shoppers. Unfortunately, they’re also prime opportunities for cybercriminals to exploit consumers’ hasty shopping habits. With so much focus on finding the best deals, many shoppers are more vulnerable to scams, especially those disguised as unbeatable offers, unexpected refunds, or delivery notifications. 

Psychology plays a significant role in how scammers succeed. Our brains are wired to seek shortcuts and rely on heuristics—mental rules of thumb—to simplify decision-making. During the holiday season, we’re inundated with “amazing deals” and promises of massive savings. This constant exposure to offers can prime us to expect such opportunities everywhere, making us more likely to fall for scams. The mere-exposure effect, a principle of cognitive psychology, explains that the more familiar something feels, the more we trust it—regardless of its legitimacy. Scammers exploit this by crafting offers that appear increasingly credible with repeated exposure. 

Scarcity is another tactic commonly used by both legitimate marketers and cybercriminals during the holidays. Phrases like “Offer ends today,” “Limited stock,” or “Don’t miss out!” are designed to create urgency and push consumers into acting quickly. Scammers leverage this psychological pressure to lure victims into clicking on fraudulent links or sharing personal information. 

So, how can we help shoppers protect themselves from these risks? Education and awareness are key. For example, “re-priming” individuals by exposing them to examples of scams can make them more alert to offers that seem too good to be true. By bringing the possibility of a scam to the forefront of their minds—especially when interacting with emails or online offers—we can help them pause and evaluate the situation more critically. 

Another approach is to guide individuals from relying on intuitive, automatic decisions (System 1 thinking) to more deliberate, cautious decision-making (System 2). For instance, reminding users to verify unfamiliar senders or question urgent calls to action can encourage them to think twice before clicking. Additionally, providing examples of phishing emails that use scarcity tactics can empower individuals to recognise and report suspicious messages. 

Finally, it is crucial to foster an environment where people feel comfortable asking questions or reporting concerns. Real-time nudges—such as alerts for potentially risky emails—can further reinforce secure behaviours. By increasing familiarity with common scams and building awareness, we can empower consumers to shop confidently and safely during the holiday season.”


Darren Guccione, CEO and Co-Founder of Keeper Security:

“Black Friday kicks off the holiday shopping season, with retailers competing for online customers by offering enticing discounts. However, behind these tempting deals and flashy banners, cyber threats may be lurking. The wide array of offers by online shopping platforms can also attract cybercriminals looking to hack accounts, steal banking information or trick shoppers into clicking on malicious links. As tempting as a deal may be, it’s crucial to follow some important security measures to ensure a great find doesn’t turn into a digital nightmare.

  • Choose Websites Carefully: With so many deals, it’s easy to click on the first link or the next ad seen on social media or your web browser. However, not all websites are equally secure. Stick to well-known retailers, research reputable brands and ensure that the URL starts with “https” to guarantee a minimum level of security.


  • Update Devices: Cyber attacks often exploit vulnerabilities in outdated systems and applications. Make sure your phone, computer and all applications are up-to-date before shopping online. With the latest versions of an operating system and antivirus programs, online security is strengthened.


  • Protect Passwords: Every online store requires its own account, but many people reuse the same passwords across different sites. This habit makes it easy for cybercriminals to infiltrate multiple accounts with one compromised credential. Use unique, complex passwords for each site, and, if possible, use a password manager to simplify management and enhance security.


  • Use Secure Payment Methods: Online shopping requires sharing financial information. Choose payment methods that offer security, like credit cards or secure payment services such as PayPal. To prevent card information from being easily accessible, don’t save it directly on websites or browsers, and never share your financial information via email or messaging – even in the retailer’s chatbot feature.


  • Be Cautious of Deals That Seem Too Good to Be True: Cybercriminals know how to leverage the excitement of the season by offering overly tempting deals. Be wary of unrealistic discounts or offers that pressure you with limited stock. If a website seems suspicious, verify the legitimacy of the offer through other channels before clicking on it.


  • Enable Anti-Phishing Warnings: High shopping seasons are ideal for phishing attempts. To avoid falling into these traps, learn to recognise suspicious emails. Grammar mistakes, poorly reproduced logos or strange links can be red flags. If you receive an offer by email, don’t click immediately – visit the official website through a search engine instead.


  • Avoid Public Wi-Fi: Free Wi-Fi is convenient but not secure. For safer shopping, use your home network or your mobile connection while you’re making purchases. Public networks could expose your sensitive data to hackers who monitor user traffic.”


Jasmine Eskenzi, Founder and CEO of The Zensory, says: 

“With Black Friday imminent, many of us may be planning to peruse the latest deals online. But with time pressures (one day only!) and emotive language (unmissable deals!) hidden within marketing materials and ‘across the whole site’, many of us may be put in a position where we feel pressured to make purchases that we may otherwise have not made. But why? And how can we make more conscious purchasing decisions this Black Friday and Cyber Monday?

The Psychology of Stress:

When we’re presented with ‘urgent’ decisions (like an ‘unmissable’ deal written in big red letters), our minds enter a state of stress. This leads us to something called ‘amygdala hijack’. Ultimately, the stress response ‘hijacks’ the area responsible for our fight, flight and freeze response (the amygdala). When our amygdala is activated, this leads to decreased activity in our prefrontal cortex, the part of our brain responsible for attention, memory and focus, located at the front of the brain. So this means that when we’re under high stress, we actually struggle to think clearly and retain information, and our impulse control, inhibition and cognitive functions are decreased. These techniques are also often used by hackers to trick victims into giving away sensitive information.

Tips:

  • Take a breath: It sounds deceptively simple, but one way to get your brain out of ‘fight or flight’ mode is to take a deep breath. Breathe deeply into your belly and become mindful of your surroundings using your five senses (touch, sight, hearing, smell and taste). This is a grounding exercise.
  • Be conscious of scams: In amongst the flashy deals will be cybercriminals looking to exploit unsuspecting victims. Phishing emails may look like they’re from a legitimate source, but they could be fake emails intending to steal credentials or money. Be mindful of the source an email comes from, hover over the email address, and don’t click any links if you’re unsure of their legitimacy (search directly).
  • Ruminate on deals: Alongside taking breaths and practising grounding exercises, remember that it’s okay to take a step back and revisit an offer later on, especially if it’s not something you were planning to buy (there’s always Cyber Monday, wink wink). By being more conscious about the things you’re buying, you save money and avoid making impulsive buys.”


Ben Hutchison, Associate Principal Security Consultant, Black Duck:

“Sadly, the old adage that ‘if it looks too good to be true, it usually is’, still holds true today, even during this time of year. Unfortunately, fantastic-sounding discounts that suddenly appear as emails, text messages, or ads while browsing may not be trustworthy and could compromise consumers’ details, devices, and information.

Consumers can minimise these risks by not replying to or clicking on any such offers, links, or adverts and should attempt to verify any deals by going to a more trustworthy source, such as the company’s website or store home page directly. Attackers may set up spoof versions of these legitimate websites, so users should always ask themselves if this is a domain/website address they recognise and not only rely on suggestions in search results. Users should also follow general cyber security hygiene techniques, such as ensuring their devices and browsers remain up to date. If in doubt about the legitimacy of a promotion, advert, or discount, users may want to consider contacting a sales or support representative via an alternative contact method obtained from a trusted location, or in the case of a local store/chain, users can physically visit the store and confirm if the promotions are legitimate.

Organisations can also take steps to prevent such exploits from succeeding if they are targeted against their employees or environment, through defence-in-depth mechanisms and good security practices. These may include network segmentation, email security and scanning measures, link verification, DNS filtering, leveraging endpoint detection and response solutions, and limiting code/file access and execution where practical.”

The post The Cybersecurity Risks of Black Friday 2024: What are the Experts Saying? Pt.2 appeared first on IT Security Guru.

This week marks Black Friday 2024! As the popularity of this event has skyrocketed in recent years, so have the cyber risks involved in buying and selling products. In the first of two articles, we have gathered some insights from cybersecurity experts who have their say on Black Friday, from the threats faced by consumers and vendors, to the best practices advised to stay safe.

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Black Friday is one of the biggest shopping events of the year, offering consumers massive discounts and deals in stores and online. While it’s an excellent opportunity to snag bargains, it’s also a prime time for scammers to exploit eager shoppers. Identifying and avoiding these scams can save you from financial loss and keep your personal information secure.

Last year alone, consumers lost over $8.8 billion to online fraud, according to the Federal Trade Commission. Scam attempts always spike around Black Friday and Cyber Monday. But don’t worry – we’ll show you exactly how to spot these tricks and shop safely.

To protect yourself this Black Friday, you should be watching out for those too-good-to-be-true emails. For example, emails titled “90% OFF EVERYTHING!” from what looks like Amazon or Best Buy. The email appears perfect, down to the logo and formatting. But here’s the catch: clicking that “amazing deal” link could lead you to a fake website that steals your credit card information. In fact, according to Target’s security team, scammers frequently create fake Target websites during Black Friday, often using similar-looking domain names and copied logos to trick shoppers. The FTC reports that retail impersonation scams increase 75% during the holiday shopping season. Shoppers can protect themselves by following these steps:

  • Hover over (don’t click!) email links to preview the real URL
  • Look for spelling mistakes or unusual sender addresses (like amazon-deals@gmail.com)
  • Type the store’s web address directly into your browser instead of clicking email links

Consumers also need to watch out for social media shopping traps. Social media platforms are flooded with fake stores during Black Friday, and many disappear after collecting payments. A few warning signs to take into consideration are brand new accounts with no customer review, prices that seem impossibly low, poor-quality product photos and pressure tactics such as “Only 2 left!” or “Offer expires in 10 minutes!”.

Also, during Black Friday, scammers flood the market with discounted gift card offers that would make any bargain hunter’s heart race. But here’s the harsh truth: according to the FBI’s Internet Crime Report, gift card scams cost Americans over $148 million last year alone. A few smart shopping tips for consumers are:

  • Only buy gift cards directly from authorized retailers
  • Never purchase “discounted” gift cards from individuals online
  • Check gift card balances immediately after purchase
  • Keep your receipt until you’re sure the card works
  • Never send gift cards in the mail”


Jamie Beckland, CPO at APIContext:

“With Black Friday just around the corner, e-commerce teams should be ready for anything. Load testing is common to ensure infrastructure can handle increased shopper traffic, but many overlook the threat of API misuse, which can open the door to bulk order abuse.

APIs run every part of the e-commerce stack, enabling seamless interactions between front-end systems, payment gateways, inventory management, and third-party integrations. However, poorly secured APIs can be exploited by malicious actors to execute bulk order scams—leveraging automation to exploit pricing errors, bypass purchase limits, or stockpile items meant for individual customers. These exploits are targeted and malicious, and often leverage the same APIs that power customer experiences.

To mitigate these risks, vendors should implement robust security measures such as rate limiting, authentication mechanisms like OAuth, and anomaly detection to identify unusual purchasing patterns. Regular audits and penetration testing can also help identify vulnerabilities before they’re exploited. By addressing API security proactively, businesses not only safeguard revenue but also ensure customer trust during the holiday rush. Black Friday should be a time for deals, not data breaches.”
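The controls named in the quote above (rate limiting, authenticated identity, server-side price and purchase-limit enforcement, anomaly detection) are easiest to reason about as one checkout guard run over a stream of orders. The block below is an added example, not APIContext’s or any retailer’s code; the catalogue, limits and orders are constructed for the demo, and the `fingerprint` field is a stand-in for a normalised shipping-address plus payment-instrument hash that a real system would compute.

```python
"""Server-side checkout guard (added example): per-customer rate limit, authoritative
price check, cumulative purchase limit and a fan-out anomaly check on one fingerprint."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed catalogue: the server, never the client, is the authority on price and limits.
CATALOGUE = {
    "SKU-CONSOLE": {"price_cents": 39999, "limit_per_customer": 1},
    "SKU-HEADPHONES": {"price_cents": 4999, "limit_per_customer": 3},
}


@dataclass
class Order:
    customer_id: str         # authenticated identity (e.g. OAuth subject), not a form field
    sku: str
    qty: int
    client_price_cents: int  # price the client submitted; validated, never trusted
    fingerprint: str         # hypothetical shipping/payment fingerprint
    ts: float                # request time, seconds


class TokenBucket:
    """Per-customer rate limit: `burst` requests immediately, then `rate` per second."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


@dataclass
class CheckoutGuard:
    rate: float = 1.0
    burst: int = 5
    window_s: float = 600.0
    fanout_threshold: int = 3  # distinct accounts allowed per fingerprint per window
    buckets: dict = field(default_factory=dict)
    bought: dict = field(default_factory=lambda: defaultdict(int))   # (cust, sku) -> qty
    by_fp: dict = field(default_factory=lambda: defaultdict(deque))  # fp -> (ts, cust)

    def check(self, o: Order):
        """Return (accepted, reason); cheap rejections run first."""
        item = CATALOGUE.get(o.sku)
        if item is None:
            return False, "unknown_sku"
        bucket = self.buckets.setdefault(o.customer_id, TokenBucket(self.rate, self.burst))
        if not bucket.allow(o.ts):
            return False, "rate_limited"
        # Pricing-error / tampering abuse: compare against the server's price, never
        # accept the client's number.
        if o.client_price_cents != item["price_cents"]:
            return False, "price_mismatch"
        # The limit is cumulative per customer, so splitting a bulk buy into many
        # qty=1 orders does not bypass it.
        if o.qty < 1 or self.bought[(o.customer_id, o.sku)] + o.qty > item["limit_per_customer"]:
            return False, "limit_exceeded"
        # Anomaly: many "different" accounts shipping to / paying from one fingerprint.
        recent = self.by_fp[o.fingerprint]
        while recent and o.ts - recent[0][0] > self.window_s:
            recent.popleft()
        if len({c for _, c in recent} | {o.customer_id}) > self.fanout_threshold:
            return False, "fanout_anomaly"
        recent.append((o.ts, o.customer_id))
        self.bought[(o.customer_id, o.sku)] += o.qty
        return True, "ok"


def run_demo():
    """Constructed order stream: one genuine shopper and several automated abuse patterns."""
    g = CheckoutGuard(rate=0.1, burst=3, window_s=600, fanout_threshold=2)
    t0 = 1_700_000_000.0
    orders = [
        Order("alice", "SKU-HEADPHONES", 2, 4999, "fp-alice", t0),       # ok
        Order("bot1", "SKU-CONSOLE", 1, 39999, "fp-mule", t0 + 1),       # ok
        Order("bot1", "SKU-CONSOLE", 1, 39999, "fp-mule", t0 + 2),       # limit_exceeded
        Order("bot2", "SKU-CONSOLE", 1, 399, "fp-mule", t0 + 3),         # price_mismatch
        Order("bot2", "SKU-CONSOLE", 1, 39999, "fp-mule", t0 + 4),       # ok
        Order("bot3", "SKU-CONSOLE", 1, 39999, "fp-mule", t0 + 5),       # fanout_anomaly
        Order("bot4", "SKU-HEADPHONES", 1, 4999, "fp-bot4", t0 + 10),    # ok
        Order("bot4", "SKU-HEADPHONES", 1, 4999, "fp-bot4", t0 + 10.1),  # ok
        Order("bot4", "SKU-HEADPHONES", 1, 4999, "fp-bot4", t0 + 10.2),  # ok
        Order("bot4", "SKU-HEADPHONES", 1, 4999, "fp-bot4", t0 + 10.3),  # rate_limited
    ]
    return [g.check(o)[1] for o in orders]


if __name__ == "__main__":
    for reason in run_demo():
        print(reason)
```

Two design points worth noting: the purchase limit is tracked cumulatively per authenticated customer, not per request, because the bulk-order abuse the quote describes splits one large buy into many small ones; and the fan-out check keys on something the attacker cannot cheaply vary (where the goods ship, what pays for them) rather than on the account, which is free to create. In production the counters would live in a shared store such as Redis rather than in-process dictionaries.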


Jamie Akhtar, Co-founder and CEO of CyberSmart:

“Black Friday offers bargains for savvy shoppers, but it also poses security risks for consumers and businesses alike. To illustrate what we mean, the UK alone saw losses exceeding £11.5 million due to online shopping scams between November 2023 and January 2024.

However, forewarned is forearmed, so here are some of cybercriminals’ top tactics for Black Friday scams.

Phishing Scams

While phishing scams are a year-round problem, the threat becomes particularly pronounced between Black Friday and Christmas. According to Bitdefender, 70% of Black Friday-themed spam emails in 2023 were identified as scams, revealing the scale of the problem. 

Worse still, cybercriminals are increasingly using AI tools to create and distribute these scams, making them harder to identify.

Fake websites
Cybercriminals create imitation websites that closely resemble legitimate retailers. These sites often advertise unbelievable deals through search engines to lure shoppers into entering personal and payment information, leading to identity theft or financial loss.

Gift card frauds

Fraudulent schemes involving gift cards are another common tactic. Essentially, scammers sell fake or drained gift cards for large online retailers to victims. 

Fake Order Confirmations
Scammers send emails or messages that mimic order confirmations for purchases that were never made. These communications often contain links to phishing sites or requests for personal or financial information.

Social Media Scams

We all remember the huge uptick in Facebook Messenger for Business scams during 2023, and cybercriminals use the same tactics to launch Black Friday scams. Scammers use social media to promote fake bargains or impersonate brands. Unfortunately, this is usually pretty successful; fraud losses climb by around 20% in the festive shopping season.

Delivery Scams
Scammers may send fake delivery notifications via email or text, prompting victims to provide personal information under the guise of confirming a delivery.

Transaction Failure Scams

Victims receive spam emails claiming that a recent transaction has failed, tricking them into providing sensitive information to resolve the issue.

Account Verification Scams
These scams involve messages asking users to verify their accounts due to suspicious activity, leading them to phishing sites designed to collect login credentials.


How to protect yourself/your business:

For consumers

  • Always verify the legitimacy of websites before making purchases
  • Be cautious of unsolicited emails and messages
  • Use secure payment methods like credit cards instead of wire transfers
  • Look for signs of counterfeit goods and check seller reviews


For businesses

  • Provide staff with training on the dangers of Black Friday shopping
  • Implement MFA across all company devices and applications (including personal devices being used for work)
  • Where possible, dissuade staff from using company devices for shopping
  • Put clear usage and security policies in place for employees
  • Mandate VPN use for all staff, particularly those working remotely.”


Andrew Bolster, Senior Manager, Research and Development, Black Duck:

“One thing consumers should be more vigilant for is ‘astroturfing’ product reviews and testimonials. In past years, we typically trusted the experience and advice of our neighbours and peers, and recommendations were worth their weight in gold, but in the world of online retailing in the context of modern Large Language Models, shoppers need to be aware of retailers or suppliers using AI generated synthetic reviews of their own products to drive sales. Shoppers should always take online reviews cautiously and with a grain of salt, and where possible, seek and share recommendations among friends and family.”

Thomas Richards, Principal Security Consultant, Black Duck:

“Consumers should be extra diligent this shopping season as we approach Black Friday and the holiday rush. With the number of breaches this year, a lot of consumer data is in the hands of malicious actors who can use it to craft very convincing messages via email and text. Consumers should be cautious when clicking links in emails that sound too good to be true. Yes, some holiday deals are very good, but that does not mean they all are. Always check the sending email address to be sure it matches the website of the company it is purporting to be from. If you receive an email from an online store that you don’t recognise offering amazing deals on hard-to-get items, it’s probably a scam. The best deals will mostly come from established retailers or the company themselves.”
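The same three manual checks recur across the experts above: Paul Bischoff’s list (hover to see the real URL, look for unusual sender addresses such as amazon-deals@gmail.com, type the address yourself), Ben Hutchison’s warning about spoofed versions of legitimate sites, and Thomas Richards’ advice to confirm the sending address matches the company’s own domain. The script below is an added example, not code from the article or from Comparitech, Black Duck or any other quoted company, that applies those checks to a raw email. The two messages and the brand-to-domain table are constructed for the demo, and the domain handling is a deliberately crude stand-in for a Public Suffix List lookup.

```python
"""Added example: flag a promotional e-mail whose sender or links do not belong to the
brand it claims to be, the way a careful reader would by hovering and reading headers."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: brands we expect mail from and the registrable domains they really use.
KNOWN_BRANDS = {"amazon": {"amazon.com", "amazon.co.uk"}, "target": {"target.com"}}


def registrable(host):
    """Crude eTLD+1: last two labels, three for *.co.uk-style suffixes. A real tool
    would consult the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) >= 3 and parts[-2] in {"co", "com", "org", "gov", "ac"} and len(parts[-1]) == 2:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def host_of(url_or_text):
    """Hostname of a URL, or of link text that is written like one (no scheme)."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return urlparse(url_or_text).hostname or ""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> so the two can be compared."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw):
    """Return a list of findings; an empty list means none of the three checks fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["from"].addresses[0]
    claimed = (sender.display_name + " " + str(msg["subject"])).lower()
    brand = next((b for b in KNOWN_BRANDS if b in claimed), None)
    findings = []
    # Check 1: the real sender domain (not the display name) must belong to the brand.
    if brand and registrable(sender.domain) not in KNOWN_BRANDS[brand]:
        findings.append(f"sender {sender.addr_spec} is not on a {brand} domain")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        if not href:
            continue
        dom = registrable(host_of(href))
        # Check 2: where the link really goes ("hover, don't click").
        if brand and dom not in KNOWN_BRANDS[brand]:
            findings.append(f"link {href} resolves to {dom}, not {brand}")
        # Check 3: visible text that looks like a URL but points somewhere else.
        if "." in text and " " not in text and registrable(host_of(text)) != dom:
            findings.append(f"link text '{text}' hides destination {dom}")
    return findings


# Constructed messages: one phish of the kind described above, one legitimate mailing.
PHISH = """\
From: "Amazon Deals" <amazon-deals@gmail.com>
To: shopper@example.com
Subject: 90% OFF EVERYTHING!
Content-Type: text/html; charset="utf-8"

<html><body><p>Claim it now:
<a href="http://amazon.com.black-friday-deals.example/claim">www.amazon.com/deals</a></p>
<p><a href="https://www.amazon.com/">Manage preferences</a></p></body></html>
"""

LEGIT = """\
From: "Amazon" <store-news@amazon.com>
To: shopper@example.com
Subject: Your Black Friday deals
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.amazon.com/deals">Shop deals</a></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, analyse(raw) or ["no findings"])
```

The phishing sample trips all three checks: a Gmail sender behind an “Amazon Deals” display name, a link whose registrable domain is `black-friday-deals.example` even though its hostname starts with `amazon.com.`, and link text that displays `www.amazon.com/deals` while pointing elsewhere. That last case is exactly why the advice says to hover rather than trust what is printed.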

The post The Cybersecurity Risks of Black Friday 2024: What are the Experts Saying? appeared first on IT Security Guru.