Five tips for retailers to protect themselves from Black Friday cyber attacks
Shoppers are not the only people out in force on Black Friday and Cyber Monday. It is also a time for criminals to step up their attacks.
Summary: Consumers are not the only ones out in force on Black Friday and Cyber Monday. With the retail sector turning over more sales than at almost any other time of year, criminals are also out in force to exploit their victims with social engineering scams. Retailers must step up their efforts to protect themselves, their customers, and their supply chains.
As consumers and business customers alike grow more accustomed to shopping online during the pandemic, Black Friday and Cyber Monday are expected to be bigger than ever this year. To better accommodate changing customer demands, many retailers have vowed to do their part to put an end to the huge crowds that Black Friday is so infamous for by making online shopping the new favorite.
While the shift to digital channels is largely a good thing for the retail sector and its customers, the increasing ubiquity of online shopping is not without risk. Furthermore, these risks extend beyond the retail sector to encompass the entire supply chain. Any business can be targeted by social engineering scammers and other attacks at any time of year. Still, cybercriminals tend to step up the offensive during the lead-up to Black Friday and Cyber Monday.
Here are five essential tips for businesses to stay safe during the holidays:
#1. Stay alert for fake websites
Setting up fake websites that look like the ones belonging to legitimate retail brands is an old favorite of cybercriminals. In most cases, the website will look almost identical to the real thing, but there are some subtle differences to look out for.
Among the most common signs of a fake website is domain spoofing, in which attackers use a web address that is very similar, or even superficially identical, to that of a legitimate retailer. This problem is especially common in the era of multilingual domains. For example, the letter ‘e’ looks identical in the Latin and Cyrillic alphabets, but each form is encoded as a different character. As such, a website link posted on social media or in a phishing email may look the same as the genuine one, although it leads to a malicious website.
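The lookalike-letter problem described above can be checked for automatically. The following Python sketch is an added example, not part of the original article: it flags hostnames that render like a protected brand domain or that mix alphabets within one label. The domain example-shop.com, the small confusables map and the sample links are constructed assumptions.

```python
import unicodedata

# Hypothetical brand domain to protect (assumption, not from the article).
PROTECTED = {"example-shop.com"}

# Small constructed map of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s"}

def to_unicode(domain):
    """Normalise a hostname and decode punycode (xn--) labels if present."""
    host = domain.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters

def scripts(label):
    """Coarse script names of the letters in one label, e.g. {'LATIN'}."""
    return {unicodedata.name(c, "UNKNOWN").split(" ")[0]
            for c in label if c.isalpha()}

def skeleton(host):
    """Replace known lookalike letters with their Latin twins."""
    return "".join(CONFUSABLES.get(c, c) for c in host)

def classify(domain):
    host = to_unicode(domain)
    if host in PROTECTED:
        return "protected"
    if skeleton(host) in PROTECTED:
        return "lookalike"      # renders like our brand, different code points
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        return "mixed-script"   # suspicious even without a brand match
    return "ok"

def ace_form(domain):
    """ASCII (punycode) form, as it appears in DNS and certificate logs."""
    return to_unicode(domain).encode("idna").decode("ascii")

# Constructed sample links; \u escapes make the hidden letters visible.
SAMPLES = ["example-shop.com", "ex\u0430mple-shop.com",
           "shop-\u0434eals.net", "\u043f\u043e\u0447\u0442\u0430.example"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{classify(d):12} {ace_form(d)}")
```

A hostname written entirely in one alphabet, such as the last sample, is reported as ok, so legitimate internationalized domains are not flagged merely for being non-Latin.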
#2. Look out for phishing emails
The vast majority of social engineering scams begin with a simple phishing scheme. Spam filters should catch most of them. However, the ones that can bypass the filters tend to be far more sophisticated and harder to identify. Often, they are personalized to a specific victim and may even purport to come from someone else in the same organization.
As Black Friday and Cyber Monday approach, malicious emails offering last-minute deals and cash prizes tend to ramp up considerably. Employees should always be wary of anything that looks too good to be true, instills a sense of urgency, or contains an unsolicited attachment of any kind.
#3. Watch out for gift card scams
Given that so many people are hoping for a bargain during Black Friday and Cyber Monday, it is hardly surprising that cybercriminals end up working overtime to exploit that hope. Scams come in many different forms, but those involving gift cards and vouchers tend to be especially popular at this time of year.
A common attack method is for employees to receive phishing emails purporting to be from their superiors asking them to purchase gift cards for everyone in the office. The scammer then asks the employee to send over the gift cards, only to spend the money themselves. This method is so popular because, while they work like cash, gift cards are easier to get hold of and do not leave a money trail.
Global cyber threat research and response company FortiGuard Labs recently drew attention to a disturbing new gift card scam involving fake Amazon gift card generators used to steal cryptocurrency.
#4. Monitor accounts for fraudulent transactions
During the holidays, cybercriminals are well aware that there will be a lot of online activity, not just in consumer-facing retail but in B2B too. The widespread assumption is that it is far more likely that any unusual debits from a bank account will go unnoticed, especially if they are not very large. Sometimes, attackers test the waters with a few smaller debits before stepping up their attack and cleaning out the entire bank account.
Businesses should also keep a close eye on their financial activities, as unusual transactions could point to employee negligence rather than outright theft. For example, if there is a debit for the aforementioned gift cards, finance must know about it as soon as it occurs. That way, they can get to the root of the problem before the attacker, emboldened by their success, strikes again.
#5. Educate employees and customers on security
Organizations should never wait for their employees or customers to tell them about scams. Instead, they must take a proactive approach by educating them about Black Friday and Cyber Monday threats. This is especially important at this time of year, as people tend to be distracted and prone to making costly mistakes. Not only will this transparency help protect customers from fraud, but it will also build trust in the brand.
Insofar as employee training is concerned, every business needs a combination of continuous training and strong leadership reinforced by a security-conscious corporate culture. There is no better time to start improving one’s information security posture than the present, whether it is Black Friday or any other time of year.