Beating the fraudsters this Black Friday: Safety Tips to Consider
Cybersecurity experts share tips on how to protect your business and customers
Every year shoppers eagerly await the low-priced bargains that Black Friday and Cyber Monday have to offer. In the UK alone, projections suggest that consumers will spend up to £3 billion on purchases during this period. Increased digitisation of the shopping experience allows for customers to claim deals beyond the realm of physical stores.
The flip side of this digitisation coin is that customers are inundated with notifications from retailer apps and email communications pushing them to ‘buy right now’ and beyond. The caveat here is that, while retailers are diversifying their engagement with customers, this presents a hot opportunity for scammers to take advantage of online shopping surges. Luckily, there are measures that both consumers and retailers can adopt to avoid a Christmas calamity.
Avoid falling for ‘genuine’ fakes
During peak demand periods like the one around Black Friday and Cyber Monday, malicious actors’ preferred mode of attack is a social engineering campaign, usually in the form of phishing emails that show remarkable offers. “The goal is to deceive victims into divulging sensitive information, such as credit card details and personally identifiable data”, says Vlad, Threat Intelligence Analyst, Searchlight Cyber. “One prevalent tactic is malvertising, which targets bargain-hunting customers. These unsuspecting users may end up with their devices infected while seeking a good deal. This emphasises how crucial it is for customers to shop online with extra caution over the holidays. Shops imitating reputable products and adverts directing them to questionable websites should be avoided.”
David Warburton, Director at F5, agrees. “One of the best ways consumers can protect themselves from these risks is to ensure they visit a brand’s official website and check if the promotions coincide with what was advertised on the email.”
It is important to understand that not everything that looks safe is indeed safe. “Consumers should recognise that the security padlock and ‘http’ in a web address are not signs of security”, Warburton advises. “In fact, it is common for most phishing websites to have both, with the aim to provide a false sense of security to consumers who don’t pay too much attention to a website’s name. Consumers need to stay vigilant this Black Friday to avoid being scammed.”
Customer protection is the priority
Consumers are not completely naïve and oblivious to the rise of cyber threats, in both quantity and complexity. NCSC research shows that seven in 10 British people worry that AI will make it easier for criminals to commit online fraud. Retailers have the responsibility to protect them from this.
The most obvious way for businesses to protect consumers is to introduce strong security measures, such as Multi-Factor Authentication (MFA). Research conducted by Ping Identity found that half of consumers report that tools like MFA make them feel more protected against fraud, something ecommerce companies have already taken note of and are continuing to implement.
“Modern authentication solutions, like passwordless or MFA, in the customer log-in and purchase process will ensure the safety of customers’ identifiable data,” adds Matthew Berzinski, Senior Director, Ping Identity. “During busy shopping periods and beyond, this extra layer of security could lead to increased revenue, satisfaction and brand loyalty as consumers trust the retailers.”
Ian McShane, VP of MDR at Arctic Wolf, agrees: “The key opportunity for those creating well-crafted scams is that many of us reuse the same password across personal and business-related sites. Even more risk is added when people use their work email addresses as account credentials, meaning, if they fall for one scam, it’s not only their personal account credentials at risk, but the credentials for everything which uses that password.”
He adds, “Businesses can help guard their employees’ personal and business credentials by encouraging the use of password managers and multifactor authentication, not just for work but for all online accounts.”
Avoid leaving gifts for attackers
Savvy attackers are always looking for ways to install malware or collect customers’ confidential payment details and data. “An added seasonal gift is when they are also given the opportunity to infiltrate the networks of people using corporate devices to shop, because even one compromised business credential on one employee device can lead to costly business damage and disruption to their employer,” explains David Higgins, Director of the Field Technology Office at CyberArk. “Robust identity security is crucial to stop Black Friday being the gift that keeps on giving for attackers, preventing sensitive data loss and service disruptions”.
Higgins insists that the only way for businesses to build and maintain trust from customers is “to prioritise the enhancement of security procedures, confirming identities and validating participant credentials before any online interaction.”
Leading the way: Data and automation
Ryan Sheldrake, Field CTO EMEA at Lacework, believes the best way for young companies in the retail sector to tackle key dates like Black Friday and the demand surges that accompany them is to embrace data and automation. “It is the only way to keep pace and ensure their environment moves around to meet demand and control risk during the busiest traffic week of the year. Cloud asset data can be used for preventative controls and misconfiguration detection (CSPM), arguably one of the most significant threats whilst leveraging public cloud, as many retailers do.”
But this is not enough. “On top of this, retailers must deploy threat detection in runtime, as the systems processing transactions and taking users’ card details and addresses must be secure. It’s not enough to merely deploy misconfiguration detection. If, for example, an access key is compromised, CSPM will not detect this. The damage radius needs to be quantified, put in context, triaged, and remediated as rapidly as possible.”
Awareness is the key
With the growing prevalence of online shopping, customers as well as businesses need to be vigilant to avoid falling victim to cyber scams. It’s crucial for both consumers and organisations to implement measures to keep sensitive data secure. As we all flock to make the most of Black Friday and Cyber Monday, practices such as only accessing official websites, being cautious of intermediaries and adopting MFA are essential steps to consider.
Matt Berzinski – Ping Identity
Ian McShane – Arctic Wolf
Ryan Sheldrake – Lacework
David Warburton – F5
David Higgins – CyberArk