Black Friday and Cyber(Security) Monday

Sharon Holland

We have reached that time of year again.  The clocks have been put back, the nights get darker, and the weather is getting colder. Halloween is out of the way, so we are all on the countdown to Christmas.  And part of the countdown includes two more recent American traditions – Black Friday and Cyber Monday.

What are Black Friday and Cyber Monday?
Black Friday is the name given to the shopping day after Thanksgiving. It was originally called Black Friday because so many people went out to shop that it caused traffic accidents and sometimes even violence.
Retailers did not appreciate the negative connotation and wanted to make the name “Black Friday” mean something positive. To them, the Friday after Thanksgiving was one of the most profitable days of the year. Accountants use black to signify profit when recording each day’s book entries. They use red to indicate loss. Therefore, Black Friday means profitable Friday to retailing and to the economy.
Cyber Monday is the first Monday after Thanksgiving. It was christened by Shop.org in 2005. At that time, shoppers needed the faster internet speeds from work computers to shop online.
Source: Thebalance.com

While this is seen as a chance to grab some bargains by most people, it is also a great opportunity for cyber criminals.  The threats can take many forms and result in anything from minor inconvenience to full-on identity theft.


What Do I Need To Look Out For?

Cyber criminals are constantly refining their methods, so you need to be on the lookout for anything that either seems out of the ordinary or is from an organisation you would not normally use.  Just because you have not heard of the scam before does not mean that the email is genuine.  The recent TV Licensing scam caught many people out.

Some of the main things to look out for are:

  • Short-term Deals – Customers keen to take advantage of quick deals may be less likely to check carefully that websites are genuine and secure, and so end up on a fake website.  A lot of work goes into these sites, so they look professional and can be very convincing.
  • Phishing Emails – These will increase and are likely to trick people into clicking on a malicious link or attachment.  These come in a variety of guises:
    • Your account has been blocked
    • We have spotted suspicious activity on your account
    • An invoice
    • Payment advice/order confirmation
    • Failed delivery attempt
  • Unavailable websites – Cyber criminals will target online retail websites with a DDoS attack threat, possibly coupled with demands for ransom.  Doing this at a time of peak demand increases the chances of disrupting the website and making it unavailable.  With the genuine site unavailable, you are more likely to end up on a fake site.
  • Card Payments – The increased volume of shopping at this time of year, even for people that don’t usually do much shopping, means erroneous card payments are more likely to go undetected either by you or your banking organisation.

Whilst Black Friday and Cyber Monday might be prime days for these threats, they will certainly continue in the run up to Christmas and the January Sales.  This means it is more important than ever to do all you can to be secure online and make Cyber Monday a ‘Cybersecurity Monday’.

What Can I Do?

Vigilance is the main way that you can protect yourself, and below is our list of a few of the things to look for:

  • If something looks too good to be true it probably is.  Go directly to a retailer’s website and search for the product to ensure the deal is legitimate.
  • If you are browsing using public Wi-Fi, only enter your credit card details and other login credentials if you are sure you are on a secure network.
  • Ensure your passwords are secure and incorporate enough complexity, including upper and lower-case letters, numbers and symbols.
  • Organisations such as banks, PayPal, HMRC and TV Licensing will never send you unsolicited emails asking for bank details and/or your personal information, or telling you that you may be entitled to a refund.
  • Check the email contains your name and has not just picked up your email address, e.g. ‘Dear joepublic@gmail.com’ instead of ‘Dear Joe’.
  • Check whether there are too many different styles or typefaces in the email; scammers often take a genuine email and then just alter parts of it.
  • Check for too many spelling or grammar mistakes in the text of the email.
  • Don’t just look at the display name, but check the email address it has actually come from:  Amazon.co.uk <amazon@eflkjas.com>
  • Before clicking the link in an email, make sure the website address itself looks genuine; don’t rely on the display text that appears in your email.  Either hover over the link (on a computer) or hold down the link (on a phone) and you should see the full website address. If in any doubt, use Google to find the correct website.
  • Watch out for typo-squatting, where cyber-criminals change one or two letters to trick you into thinking you are on a legitimate website.  An example would be “amazan” rather than “amazon” – and these sites can look just like the genuine website.
  • Ensure the site really does have “https” in the URL and not just “http”, even if it’s displaying the padlock icon in the address bar.
  • Check there are contact details, such as phone number or email addresses, in case something goes wrong with the order.
  • Ensure you have security software installed that protects you while you are browsing online and also offers protection against malware downloads.
  • Keep your operating system and browser software up-to-date with the latest updates, to ensure as many of the latest bugs and vulnerabilities have been fixed.
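
Several of the email checks above can be automated. The following Python sketch is an added example, not part of the original article: it flags a display name that does not match the sending address, a greeting that uses an email address, link text that differs from the real destination, typo-squatted domains and non-https links. The `KNOWN` allow-list and the sample message are assumptions constructed from the examples in the list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand -> domain it really uses (illustrative, not exhaustive).
KNOWN = {"amazon": "amazon.co.uk", "paypal": "paypal.com"}

# Constructed sample message, built from the examples in the checklist above.
SAMPLE = '''From: "Amazon.co.uk" <amazon@eflkjas.com>
Subject: Failed delivery attempt

Dear joepublic@gmail.com,
<a href="http://www.amazan.co.uk/track">www.amazon.co.uk/track</a>
'''

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter typo-squats."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_email(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    name, addr = parseaddr(msg["From"])
    sender = addr.rsplit("@", 1)[-1].lower()
    for brand, good in KNOWN.items():
        # Display name claims a brand, but the real address is somewhere else.
        if brand in name.lower() and not (sender == good or sender.endswith("." + good)):
            findings.append(f"display name says {brand} but sender is {addr}")
    if re.search(r"Dear\s+\S+@\S+", body):
        findings.append("greeting uses an email address, not a name")
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        url = urlparse(href)
        host = (url.hostname or "").lower()
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
        for brand in KNOWN:
            if any(0 < edit_distance(label, brand) <= 2 for label in host.split(".")):
                findings.append(f"possible typo-squat of {brand}: {host}")
        if url.scheme != "https":
            findings.append(f"link is not https: {href}")
    return findings
```

Calling `check_email(SAMPLE)` returns one warning for each of the five problems in the sample; a message that passes every check returns an empty list.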

So to make sure you don’t end up giving the criminals an early Christmas present, thoroughly check any emails and websites before you click any links or hand over any personal information.