Phishing: How to Be Cyber Safe This Black Friday & Cyber Monday


The frenzy of Black Friday and Cyber Monday shopping has become an annual tradition for many. However, the allure of unbeatable deals often overshadows the growing threat of online scams. In recent years, the number of consumers falling victim to Black Friday fraud (such as phishing attacks) has surged.

A 2019 Barclays study revealed that nearly a quarter of 18-34-year-olds had been scammed during the previous five years. The pressure to snap up bargains is intense, with almost a fifth of shoppers admitting to feeling rushed last year. Consequently, many are tempted to abandon their usual caution and shop on unfamiliar websites. The financial consequences of these scams are severe, with average losses exceeding £661 per victim.

Tactics employed by cybercriminals include fake advertisements, selling nonexistent goods, and stealing personal data. Given these alarming statistics, it’s imperative to understand how consumers can protect themselves while shopping online. Simultaneously, retailers must prioritise customer security to maintain trust and prevent financial losses.

One of the most prevalent methods used by cybercriminals during the holiday season is phishing.

What is Phishing?

Phishing is a form of fraud in which an attacker imitates a reputable person or company in an email or other communication channel. The attacker sends out emails to distribute malicious attachments and links. These links serve a range of purposes, such as redirecting to malicious sites, installing malware such as keyloggers, spyware or ransomware, stealing login details and identity theft. Some phishing emails are easy to spot, but others are much harder to recognise and it’s easy to fall into the trap. Email is not the only channel: ‘smishing’ is when the attacker targets a victim via text messages, and ‘vishing’ is when they target the victim directly over the phone.

Phishing can often be an initial phase or reconnaissance stage for future attacks. For example, once a victim has been lured into giving away personal information after clicking on a malicious link in an email, attackers may use those details for subsequent emails or phone calls.

Protecting Yourself Whilst Shopping Online

So, what can you do to protect yourself whilst shopping online for Christmas presents or treating yourself to a Black Friday deal?

We have a few tips for staying safe online:

  • Before you start shopping, ensure your devices are fully protected. Keep your operating system, apps, and browsers updated on both your desktop and smartphone. Don’t forget to maintain the latest antivirus and anti-malware software.
  • Look out for spam emails and deals that look too good to be true – they often are!
  • Don’t click links if you are unsure about them
  • Check the website you are buying from is genuine, safe and secure – check the domain name is spelt correctly, look for a padlock symbol on your browser’s URL bar and https:// instead of http://
  • Keep the software on your devices up to date – this reduces the chances of you being vulnerable to hackers and viruses
  • A Password Manager app can help create strong, unique passwords for each online shop account and online banking login
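The domain and https:// check from the list above, written out as an added example (not code from the original article). The shop names, the allow-list and the warning labels are constructed assumptions. The third test case in the sample is an https:// link that still gets flagged, because a misspelt lookalike domain can show a padlock too.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): shops this user really buys from.
KNOWN_SHOPS = ("bigretailer.example", "giftshop.example")

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelt domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_shop_url(url, known=KNOWN_SHOPS, max_distance=2):
    """Return a list of warnings for a link; an empty list means no warning."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # An exact match or a genuine subdomain (www.bigretailer.example) is fine.
    if any(host == k or host.endswith("." + k) for k in known):
        return warnings
    name_warnings = []
    for k in known:
        # Compare the same number of trailing labels as the known name has.
        tail = ".".join(host.split(".")[-len(k.split(".")):])
        if edit_distance(tail, k) <= max_distance:
            name_warnings.append("lookalike-of:" + k)
        elif k in host:
            # Known name used as a prefix inside somebody else's domain.
            name_warnings.append("known-name-embedded:" + k)
    return warnings + (name_warnings or ["unknown-shop"])
```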

Protecting Your Business on Black Friday

Black Friday scams and cyber attacks aren’t just a problem for the purchaser. Organisations and businesses can fall victim to attacks too. Not all attacks are discovered but this doesn’t mean that they’re less damaging than the known attacks.

A successful phishing attack can inflict substantial damage on a business, encompassing reputational harm, customer loss, financial penalties, regulatory fines, and operational disruptions. To counteract these threats, businesses must implement a comprehensive security strategy, including a proactive phishing response plan, robust infrastructure protection, secure application development, and continuous employee training in cyber security best practices.

As phishing is a diverse attack vector, there is no silver bullet for protection. You will have to consider the use of people, processes, and technologies in combination to deal with this constant threat.

Technology solutions that can help include:

  • Mail Gateways to inspect and filter inbound and outbound email, blocking malicious content and attachments.
  • Endpoint Security to provide anti-virus and anti-malware controls against known and unknown threats.
  • Web Proxies and SSL inspection to restrict the domains that users can access and detect malware as it tries to download to client devices.
  • Data Loss Prevention to monitor and control what information can pass between teams and outside your organisation.
  • Application Delivery Controllers to quickly add Multi-factor authentication to any application and provide layer 7 Web Application Firewall capabilities.

Black Friday attracts malicious activity aimed at taking down your web application servers at the most critical time, when the impact on your business and customers is greatest. A Distributed Denial of Service (DDoS) attack that takes down your web platform could cost you a lot of business and cause irreparable reputational damage in the process.

Hackers may also use brute force attacks against your customer login pages, trying 1000s of passwords simultaneously, or credential stuffing attacks, which use credentials known to be valid against your customer database.
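The two login attacks described above leave different traces in authentication logs, which the following added example (not code from the original article) tells apart. The event layout, thresholds and sample data are constructed assumptions, and the events are assumed to come from a single time window.

```python
from collections import defaultdict

def sample_events():
    """Constructed login events (source_ip, username, success) from one time window."""
    # One source hammering one account with many guesses.
    events = [("203.0.113.10", "alice", False)] * 30
    # One source trying many accounts once each; two of the pairs are valid.
    events += [("198.51.100.7", f"user{i}", i % 20 == 0) for i in range(40)]
    # A customer who mistypes once and then logs in.
    events += [("192.0.2.55", "bob", False), ("192.0.2.55", "bob", True)]
    return events

def classify_sources(events, min_failures=20, min_accounts=15):
    """Label each source IP and list the accounts it logged in to successfully."""
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # ip -> user -> [failed, ok]
    for ip, user, ok in events:
        per_ip[ip][user][1 if ok else 0] += 1
    verdicts = {}
    for ip, users in per_ip.items():
        failed = sum(c[0] for c in users.values())
        worst = max(c[0] for c in users.values())
        opened = sorted(u for u, c in users.items() if c[1])
        if len(users) >= min_accounts and failed >= min_failures:
            # Many accounts, few tries each: reused credential lists.
            label = "credential-stuffing"
        elif worst >= min_failures:
            # Many failures concentrated on one account: password guessing.
            label = "brute-force"
        else:
            label = "normal"
        verdicts[ip] = (label, opened)
    return verdicts
```

For a source labelled credential-stuffing, the accounts in the second element are the ones that need a forced password reset and session revocation.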

It’s not just about what we can see, it’s more about what we can’t see and that’s what we should be most concerned about. Would you know if you were under attack from cyber criminals and what action to take should a breach be discovered? What if an attacker has already planted a stored cross-site scripting (XSS) payload in your web code, just waiting for your busiest day of the year to take advantage? What if you didn’t even know of the compromise until it was too late, and the damage was done?

We often hear businesses say: “It’s all good, we’re protected with our Internet edge firewall, we have a bunch of firewalls so we’re covered, thanks.” But how well are you protected? A lot of the time, the fundamentals of good security are not particularly well understood, and the ever-increasing application layer attack surface is often overlooked.

How FullProxy Can Help

To clarify your security priorities and identify potential vulnerabilities, FullProxy offers a complimentary Cyber Security Review. This comprehensive assessment provides in-depth insights into your security infrastructure, offering actionable recommendations aligned with industry best practices. We help you enhance your security posture, address compliance requirements, and mitigate risks.

For a more granular security evaluation, FullProxy also delivers specialised services including penetration testing, ethical hacking, and certificate and cryptographic reviews to bolster your web application and website protection.

Want to review your current security posture? Perhaps you’d like to know more about how we can protect your business. Please feel free to get in touch and one of our team of Cyber Security Consultants would be happy to help.

Stephen Mellon