It’s that time of year again! Black Friday’s back, along with bargain deals and unprecedented amounts of online shopping. Yet, the busy shopping season brings with it significant risk for consumers and businesses alike, as cyber experts have cautioned, from increased phishing attacks to too-good-to-be-true (decoy) deals. So, how can you be sure a good deal’s not a dodgy one and how can businesses protect both data and customers and make the most of the holiday season? We consulted the experts.
The retail threat landscape, on the whole, has become more complex in 2024. In the US, for example, the industry has become an even more lucrative target for cybercriminals. This year, the US retail sector has seen a significant rise in ransomware incidents, accounting for 45% of global retail ransomware cases (Q1-Q3, 2024), an increase of 9% from 2023, according to research by Cyberint, a Check Point Company. Further Check Point research has found that, in the weeks leading up to Black Friday, there has been a surge in websites related to Black Friday, 89% higher than the surge in the same period last year. Evidently, Black Friday is big business (but that goes without saying). What’s worrying about this stat is that nearly all of these sites impersonate well-known brands, and almost none are classified “safe.” Cybercriminals also see the opportunity that increased deal searching brings.
Impersonation sites are particularly worrying for consumers and a big risk for companies themselves. According to a blog posted by Check Point: “These shadow sites, enticing consumers with deals that might seem out of place were it not Black Friday, are intended to trick a consumer into entering sensitive details, like payment info or a set of credentials, into the fraudulent site. Effectively, they serve as phishing sites, passively harvesting user credentials from dealseekers. The variety of impersonated sites ranges widely, from global behemoths to smaller, but still prominent, boutiques. Notably, a huge variety of these fake sites share key design features, indicating that a central group might be behind a network of retail phishing platforms.”
The blog notes that AI has made these sites look more believable. So, how can people protect themselves?
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, advises: “Cybersecurity needs to be front of mind for everyone within an organisation this Black Friday, not just for the cybersecurity or IT team. It is everyone’s responsibility to make sure that consumers are being protected with the right prevention, detection and response systems and processes.”
Dimitriadis continues: “In order for a business to be best protected against bad actors, it is vital that the whole supply chain is cyber resilient and has the right measures in place to defend itself. Just one weak link can leave every single organisation in the chain vulnerable to an attack – making sure the supply chain is coordinated under a common cybersecurity objective this festive period is non-negotiable.”
The supply chain has come under the spotlight in 2024 (once again). No doubt incidents like the Snowflake supply chain attack, the CrowdStrike outages and even last year’s MOVEit attacks have helped propel the supply chain security conversation even further into the zeitgeist. It is critical that businesses scrutinise their supply chains so that they can protect themselves and their customers, especially in periods where there are likely to be more attempted attacks.
Finally, the Check Point security blog provides tips for consumers on how to stay safe online this Black Friday: “For consumers, online protection is as much about being careful as it is about keeping apps updated and patched. Check URLs closely for misspellings or unusual host domains. Make sure the URL starts with ‘https://’ and shows a padlock icon, certifying a secure connection. When emails come in, reference the sender against emails you know to be real. Don’t click anything you’re not sure about and don’t blindly click through on QR codes. Never input unnecessary details like your personal information or financial details, and avoid inputting extra information like your birthday where it’s not required.”