Shoppers across the country are preparing for what was originally a U.S. phenomenon: Black Friday and Cyber Monday. According to research from Adobe, Black Friday has become the UK’s biggest online shopping day of the holiday season, with online revenues predicted to reach £901 million tomorrow.
A few years ago, holiday shopping mainly involved rushing around Oxford Street and elbowing people out of the way to grab the last shirt in your size for half price. Nowadays, however, bargain hunters have found a way around the chaotic experience that is real-life shopping: doing it online. Unfortunately, cyber criminals have caught on to this and will take advantage of the fact that “legitimate cardholders are sometimes turned away by tough, rule-based security measures, reducing customer satisfaction and sometimes driving the customer away. But during spike shopping events like Black Friday and Cyber Monday, retailers will lower their threshold for declines. Fraud costs retailers $9 billion every year but false positives cause over $180 billion in losses,” explains Robert Capps, VP of business development at NuData Security.
Of course, criminals use all sorts of other attack methods, from phishing emails and fake websites to DDoS attacks that aim to hurt a company financially by knocking it offline and sending shoppers elsewhere. These attacks affect both consumers and retailers, so we have compiled a list of top tips on how both groups can prepare for the event.
How Retailers Can Prepare for Black Friday and Cyber Monday
- Be Prepared for Extra Traffic – Lots of it
“Take advantage of cloud strategies where possible. This allows you to burst and grow to meet demand and sustain possible cyber attacks without having to do much planning ahead of time. When the demand decreases, you can step out of the cloud and go back to normal footprints.” – Paul Calatayud, CTO at FireMon.
- Prepare an incident response and crisis management plan
“To avoid any unpleasant surprises, planning for key events like Black Monday should form part of a comprehensive risk strategy. By reviewing fundamental cyber security controls recommended as part of schemes like PCI DSS and Cyber Essentials, plus conducting regular network and penetration testing, retailers can help to ensure that critical business periods do not end in financial and reputational disaster.” – Leon Pinkney, SOC services director at Redscan.
- Stop Bots and Shoplifters
“You’ll most likely experience a huge traffic spike on Cyber Monday, but some of that traffic can potentially spell trouble for your website. Nearly 50 percent of all web traffic comes from bots, including bad bots. Competitors and aggregators could be flooding your site with malicious bots to steal sensitive information and undercut your prices. But it’s not that simple. Scraper bots, for example, can be good for an e-commerce site because they help aggregate information for consumers. An intelligent website protection service is able to detect beneficial bots and block malicious bots.” – Joy Ma, security blogger for Imperva.
How Consumers Can Prepare for Black Friday and Cyber Monday
- Don’t Rush to Get That Amazing Deal, Use Common Sense
“Take a breath and ask yourself ‘does this seem too good to be true’ or even does this actually apply to me? Do some research, make an enquiry of your own, if it is legit it will definitely still be available in an hour or two.” – Mark James, Security Specialist at ESET.
- Don’t Re-Use Passwords Across Different Sites
“We should be protecting the login process. Neither the user nor the retailers can overcome zero-day attacks that may steal data in a big breach – that’s down to technology suppliers. But, like in the recent Deliveroo attack, when an attacker shows up with a password from a totally separate breach that works on your site, then you’re defenceless because they’re coming in with what appears to be a legitimate path. The user can prevent this by using unique passwords for different services – or at least doing so for any service that may financially impact them. Where possible, use multi-factor or two-step authentication, which would render this sort of stolen password attack meaningless.” – Jonathan Sander, VP of Product Strategy at Lieberman Software.
- Watch Out For Phishing Emails
“Ask if you have ever received an email from that particular store before. If you’ve never signed up for an email list or shopped there, be wary of how it got into your inbox. A common email campaign this time of year involves ‘shipping confirmations’ from Hermes, DHL, Parcelforce, DPD, UPS, FedEx, and TNT that must be opened via a .zip attachment. DO NOT OPEN THIS ATTACHMENT. Big postal and package delivery services will never send you a postal confirmation in a .zip attachment. They will send it in the body of an email, or ask you to log in to your account to view it.
You should also toggle over all of the URL links within the email. If Amazon sends you a Black Friday sale alert and there’s a link to a gadget, take two seconds to hold your mouse over the link before clicking. If it shows amazon.co.uk or smile.amazon.co.uk, feel free to click on it. If it shows akljfaasedaf.com, Amazon didn’t send you that email. Don’t click on it.” – Jonathan French, a security analyst at AppRiver.
To conclude, Javvad Malik, Security Advocate at AlienVault, explains that “the responsibility for protection is a combined effort with steps that both retailers and consumers should take.”