Black Friday is here, and deals are popping up all over the internet. Consumers are browsing for the most generous discounts, their inboxes flooded with promotional emails alerting them to cheap flights to exotic locations available for a fraction of the cost. But while the prospect of acquiring a new smartphone at a slashed price may be appealing, the cybersecurity community is anything but confident that things will run smoothly for customers, who will be targeted by increased levels of cybercriminal activity.
In fact, a new study from Tripwire found 84 percent of security professionals are concerned there is not enough security awareness for consumers to help them stay safe online during this shopping season. Additionally, nearly two thirds (60 percent) of respondents were not confident their non-infosec friends and family would be able to detect an email scam.
The study, which was conducted via a poll on Tripwire’s Twitter, aimed to gauge the opinions of security professionals on the lack of security awareness being offered to consumers in preparation for Black Friday and Cyber Monday, given the likelihood there will be an increase in cyberattacks.
It was concerning to find that over half (58 percent) of respondents stated their organisation did not increase security practices, including employee training, during the holiday season, while 14 percent claimed theirs did, but it still wasn’t enough.
With spending across the Black Friday weekend expected to reach over £8 billion, both consumers and retailers have to be more alert and aware than ever before. Hackers are continually evolving their attack methods to steal financial data, ranging from advanced Magecart card-skimming attacks to more common but effective social engineering tactics like phishing emails.
The experts say…
“For businesses, there are two ways to look at cyber risks around Black Friday”, said Tim Erlin, VP, Product Management and Strategy at Tripwire. “The first is that, simply because it’s a busier time and more money is flowing through their systems, an attacker will be more likely to target them, hoping for the busyness to serve as a diversion.”
“The second way to look at it is from an employee perspective: staff may be shopping online from business-owned assets, thus potentially opening them up to Black Friday scams. For this reason, it would be worthwhile for businesses to focus on education and training on how to recognize scams and phishing attempts.”
“Ransomware and other types of malware are also a concern for business around this time of the year. Those that are targeting the business itself ultimately just want organisations to pay the ransom, which can be avoided by having good incident response measures in place and secure, up-to-date backups.”
Corin Imai, senior security advisor at DomainTools, added: “As we are approaching the busiest shopping season of the year by far, consumers need to be on the lookout for phishing attacks. In the past, we have seen a significant increase in cybercriminals registering fake websites spoofing major retailers in order to try and direct consumers away from the legitimate websites. This leaves consumers open to malware infection, which could in turn facilitate the theft of their bank details. The best advice we can give to consumers in order to avoid this is to exercise extreme caution. Do not follow links from unsolicited emails, but if you feel you need to, check the sender address to make sure it matches any previous correspondence.”