Cyber Monday, the 28th of November, is a day marked with discounted goods from our favourite online retailers, and a key event in many people’s calendars who hope to get ahead of their Christmas shopping. The UK alone is predicted to spend an estimated 3.95 billion pounds on Black Friday and Cyber Monday combined this year, which further highlights its wide appeal. However, while consumers are getting ready to bag a good deal, cybercriminals are also preparing to take advantage of distracted minds by launching a variety of shopping related scams.
That’s why Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, is urging shoppers to be vigilant during this busy period. Cybercriminals often use a type of social engineering technique called ‘phishing’ that sees them pretending to be a legitimate brand in order to lure innocent victims into handing over login details or clicking on fraudulent links. Some threat actors may even set up designated websites just for occasion.
This uplift in cyberattacks is a documented trend, with Check Point’s research team reporting that on Amazon Prime Day, almost 1,900 Amazon-related web pages were created during this time, with 10% of them being found fraudulent. Check Point’s researchers also discovered that on the run up to Black Friday last year, there was a 178% increase in malicious web stores globally. Hackers are also becoming increasingly creative, not limiting themselves to impersonating e-commerce brands but also popular delivery services such as DHL, which was the most imitated company in Check Point’s Q3 2022 Brand Phishing Report.
It’s clear that cybercriminals are finding these scams fruitful. That is why it is important that shoppers take extra precautions to ensure a safe online experience. Here are six top tips to stay safe this Cyber Monday:
- Always buy from an authentic and reliable source: Before making a purchase, it’s important to authenticate the site you are using to make the purchase. Instead of following a link sent through on email or text message, go directly to the retailer by searching for them on your selected browser and locating the promotion directly. Those extra few steps will ensure you are not clicking on any fraudulent links, and you can make your purchase with confidence.
- Be alert to similar domain names: Many scam websites will often use a domain name similar to the brand they are trying to replicate, but with additional letters or misspellings. To ensure that you are not handing over your banking information to scammers, pay attention to the URLs to check if there anything usual or unfamiliar. By taking a minute to look for tell-tale signs that a website may be fraudulent, you can quickly determine its legitimacy.
- Look for ‘too good to be true’ offers: Often phishing scams promise extremely good discounts on very popular items. If you receive an offer that does appear to be too good to pass up, don’t rush to buy it before it sells out. Chances are it is a scam. Instead, check that the seller is authentic by checking other websites to see if they are offering similar discounts.
- Always look for the padlock: A quick way to see whether a website is secure is to look at whether the URL start with HTTPS. This is an indicator it is compliant with international security standards, and it is usually partnered with a padlock to reflect this. If these are missing, then it’s a strong indication the website is fraudulent and should be avoided.
- Use endpoint security: While we do see an uplift in scam emails during popular shopping periods, phishing emails are used by cybercriminals all year round. That’s why everyone should be looking to implement email security solutions to prevent them landing in our inboxes in the first place.
- Be wary of password reset emails: Hackers will always be looking for ways to get into people’s shopping accounts often by credential stuffing, where details have been obtained as part of a separate breach. As a result, consumers should be cautious of password reset emails that could be fraudulent. If you do receive one, always visit the website directly (do not click on the links) and change your password.
“Cyber Monday is a great opportunity to grab some deals on our favourite products and there is no reason why we should avoid participating in events such as these. However, like any other part of our online lives, we must protect ourselves against crafty hackers who look for busy periods of distraction to launch their next attacks”, says Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software. “This is because cybercriminals are continuing to up the ante and will pull every trick in the book to access our private data, gain access to bank accounts or steal credentials. That’s why it’s imperative to follow these top tips not only for Cyber Monday, but for any future holidays that cybercriminals may use to take advantage of preoccupied shoppers.”