We’re nearing Black Friday (November 25) and Cyber Monday (November 28) – the time to buy Christmas presents online, to be confident that they will be delivered in time for December 25. But what of cyber security?
Lower your guard, during the rush to bag the best deals, and you are at greater risk of malicious threats, said Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure.
He said: “In the run-up to and during Black Friday and Cyber Monday, many outlets will run promotional offers to encourage spending. This is a potentially lucrative time of year for cyber criminals as they know shoppers are less vigilant as they rush to snap up the best deals.
“Cyber criminals will no doubt be looking to take advantage of the vast amount of transactions taking place and the financial information being shared as a result. There is also an increase in promotional email traffic, which makes it hard to differentiate the real bargains from scams – presenting a heightened risk of phishing attacks.
“With this in mind, it is important consumers take steps to protect themselves and their families during two of the biggest shopping days of the year.”
Firstly, shoppers should change their passwords right away. While this is a faff, it is the single greatest defence you can make to protect yourself against a cyber attack and will instantly make you much safer online, he said.
“Currently, there are millions of emails and passwords for sale on the dark web, which have been breached by companies that have not protected people’s personal data sufficiently. Cyber criminals can buy this data for minimal amounts of money and gain access to your emails.
“They will look for social media accounts and online high street accounts and test your combination to gain access. From this, they can gather more personal data until they have enough to conduct identity theft, which could result in credit being taken out in your name or using your saved payment cards to make online purchases, for example.”
It is a good idea to understand whether your data has been breached so you can put in place other necessary measures to protect yourself, he added. “To do this you can use a free service provided by Have I Been Pwned. All you need to do is enter your email address and the site will tell you whether it is associated with a breach and if so, what other data has been stolen.
“If you have been breached, it is even more important that you change your password to break the chain. Next, you need to understand whether you have been entered into any spambots – as the name suggests, these are bots that send spam to you.
“While some spam is laughable, others are highly credible. If you’re rushing, there’s a higher change you will click a link in a spam email, which could execute malware or ransomware on your device.
“Unfortunately, the only way to rectify and avoid your exposure to spam – and, in turn, the chances of clicking on a malicious link – is by changing your email address. This is best done by transitioning email address information on websites over a period time. While this is an arduous task, it is an effective and vital way to protect yourself.”
Finally, make sure your anti-virus protection is installed, activated with a valid licence and updated. “While free anti-virus software is available, in life you get what you pay for and it may not protect you sufficiently. Competition to provide the best anti-virus changes year on year between the main vendors as they achieve technology breakthroughs in response to the evolution in cyber threats.
“The best thing to do is check reputable tech websites for reviews of the best current anti-virus software. We recommend buying a one-year licence, and then when it comes to renew, assess which company has moved to the forefront of anti-malware protection. There will always be new customer deals to be had.”
Likewise Steve Bradford, Senior Vice President EMEA at SailPoint, said: “Using a credit card for purchases adds a degree of protection for recuperating lost funds, but it doesn’t stop cybercrime in its tracks. Shoppers need to think of their digital identity as of comparative importance to their in-person one – you wouldn’t hand over sensitive information to a stranger, so the same ethos should be applied online.”
Meanwhile, retail brands can earn the bulk of their annual revenue during the holiday season. This makes them a prime target for ransom DDoS attacks with cyber criminals capitalising on the business need to keep websites running, says Emma Whitmore, Group Vice President, EMEA at Edgio, which provides content delivery network (CDN) services.
She said: “As well as an increase in attacks due to bigger ransom gains, attackers count on shoppers being vulnerable due to the speed of transactions and slipping up. Online retailers need full 360-degree visibility into all traffic across their network to detect security exploits – and they need the right solutions in place to help them respond quickly
“CISOs should be aware of their current security posture – identifying any attack vectors and employing security solutions to resolve any vulnerabilities or other risks to the business. This will include understanding security best practices and the latest standards and regulations related to their online business. With the increase in zero-day exploits, CISOs must also ensure their security solution provides the ability to make critical decisions fast to prevent any downtime. With the correct approach to cybersecurity, brands can ensure this Black Friday weekend is a success.”
The counter-fraud trade association Cifas says that it continues to advise consumers to be wary of ‘too good to be true’ offers purporting to be from retailers, and to avoid clicking links in any unsolicited emails. Scam emails should be reported to [email protected]. If you believe you have been the victim of a scam, contact your bank at once and report it to Action Fraud on 0300 123 2040 or www.actionfraud.police.uk.
