AXEL.org

black friday

Cyber Monday Attracts Cybercriminals

Black Friday and Cyber Monday have been merging for years. This year, amid a global pandemic, the trend is likely to accelerate. With almost 1/3rd of historically in-store shoppers claiming they will only shop online this year[1],  hackers and online fraudsters will assuredly be on the prowl. Here are some of the most common scams to watch out for and how to avoid them.

Popular Cyber Monday scams

Most of these cons aren’t exclusive to Cyber Monday, but the influx of online shoppers during the time period does magnify thieves’ efforts.

Phishing emails

‘Tis the season for shady emails. Since legitimate retailers send emails en masse during Cyber Week to advertise deals, many fraudulent phishing attempts slip through the cracks. These emails will look like they’re from an established brand but are really trying to trick you.

We recommend being suspicious of any brand emails sent during Cyber Week and checking the sender’s address to ensure it appears valid. Do not trust any address not instantly recognizable as being credible. Never click links or open attachments in these emails. Navigate to the brand’s website via your browser and see if the promotion is there too. If it is, make the transaction through the website rather than clicking any email links.

Fake social media offers

Even Black Friday and Cyber Monday deals have limits to their believability. Cybercriminals make fake social medial accounts to take advantage of consumers wanting the best bargains. These accounts will post up too-good-to-be-true offers with malicious links or bogus surveys with the promise of free rewards.

The easiest way to avoid these scams is not to get caught up in the fear of missing out on a once-in-a-lifetime deal. The truth is, most of these are ploys to infect your system or steal sensitive personal information. Don’t follow strange Twitter accounts shilling pie-in-the-sky promotions.

Formjacking

Also known as “e-skimming,” formjacking is an especially deceptive way to scam unsuspecting online shoppers. Here, the bad actor is able to inject malicious code into otherwise legitimate retail sites. The malware executes once the shopper enters their payment information. Then, the script scrapes the credit card information and transmits it back to the hacker.

Cyberthieves target third-party plugins on e-commerce websites to find vulnerabilities. This makes it difficult for retailers to spot the problem before it becomes a huge issue since it doesn’t even occur in their controlled system. Although smaller companies without the resources to staff large IT teams are most affected, large corporations are also not immune. For example, in 2018, online ticket vendor Ticketmaster suffered a formjacking incident that exposed customer’s personal information and payment data[2].

Preventing formjacking as a consumer is difficult, if not impossible. The website is legit, and there’s no signal that the payment form is compromised. Shop trusted sites you’ve ordered from previously and use a credit card instead of a debit card number, if possible. Typically, credit cards offer more comprehensive fraud coverage than debit cards. You won’t be liable for the vast majority of fraudulent credit card charges. Just remember to pay it off immediately!

Man-in-the-middle attacks

This is a cyberattack where the hacker compromises a network and inserts themselves between two other parties. The attacker can then intercept and alter the information relayed between these parties. A common example of a “man-in-the-middle” attack is when a threat actor gains control of a public WiFi access point. Everyone connecting to the public WiFi is then at the mercy of the cybercriminal.  Hackers typically accomplish this in one of two ways:

Hacking the router. If the router used for a businesses’ WiFi is in a public area,  or there is a nefarious employee, the router itself is susceptible to a hack. Small companies, such as local restaurants, usually lack sufficient IT personnel to prevent these breaches.

Setting up a fraudulent access point. Sometimes, the fraudsters don’t even have to hack anything. They simply set up their own unauthorized WiFi access point and name it deceptively. This tricks customers into connecting to harmful networks.

Companies should keep their routers out of public spaces and only allow trusted employees to deal with them. However, the best way to prevent these occurrences is for customers to refrain from using public WiFi altogether. Use your cellphone data whenever you can. Cellular networks are much more challenging to crack.

Counterfeit goods

Here’s a new twist on an old classic. Cyber Monday is a massive opportunity for counterfeiters to sell their inauthentic wares. In a bit of irony, counterfeiters may actually charge more for their fakes than usual while still making it look like a great sale to their victims. So, before you click the checkout button on that incredible deal from Gucci-Bag-Sales-4-You.com, think twice. Is the website reputable? If not, you should probably pass.

Check online to see if there are validated reviews for the site before you buy. If there’s even a hint of fake reviews, steer clear. Verify how long the company has been in business. One trick is to perform a WHOIS lookup on the domain. Copy and paste the web address into the WHOIS lookup box and hit the search icon. Then, search for the “Creation Date” attribute within the returned information. If the site was registered recently, that’s a major red flag.

Stay safe

Black Friday, Cyber Monday, and all of Cyber Week are fantastic times to save big on your favorite products. But you have to be safe and vigilant to prevent hacks, data breaches, and other scams. Please don’t get fooled by those looking to leverage other people’s greed to satisfy their own.

AXEL is passionate about data security. That’s why our motto is “Securing data at rest and in motion.” We are a company that’s always utilizing new technologies to offer more robust protection for your information. If you’d like to learn more about our philosophy and software solutions, such as our secure, privacy-focused file-sharing platform, AXEL Go, please visit axelgo.app today.

 

 

[1] Emily Eberhard, “How the pandemic may affect holiday shopping”, July 2020, Think With Google, https://www.thinkwithgoogle.com/consumer-insights/consumer-trends/pandemic-holiday-shopping/

[2] John Leyden, “Ticketmaster gatecrash: Gig revelers’ personal, payment info glimpsed by support site malware”, The Register, June 27, 2018, https://www.theregister.com/2018/06/27/ticketmaster_support_bot_hack/

How To Shop Safely On Black Friday And Cyber Monday

The time we’ve been waiting for all year is finally here: Black Friday and Cyber Monday are upon us. The holidays are the season for spending time with cherished family and friends, but Black Friday is much better because you get to buy new stuff. Friends and family move away, they get busy and can’t see you, but your new stuff will sit in your home with you until it has to be forklifted out to clear a path after you get trapped under a pile of 70% off Google Homes.

But the coming sales aren’t all fun and games. As the holiday shopping season ramps up, cyber criminals are also ramping up their activities. Here’s how you can protect yourself from being a victim of cybercrime this holiday season.

Don’t shop online in public

Seriously: the whole goal of online shopping is so you can sit in your house in your underwear and order as many pairs of Air Jordans as your credit card limit will allow. So why, in 2018, are people still leaving their houses to do this? Pro tip: being inside your house is always safer than not being inside your house. Additionally, sitting in a coffee shop while entering your credit card number will just leave you open to scammers looking over your shoulder, and they will also see that you decided a toaster would be a good gift for your mom. Additionally, using public WiFi to make purchases is not recommended: when possible, use your home WiFi or another trusted network. Also seriously, a toaster?!

Use sites you trust

Now is not the time to try anything fancy: go to the sites you know, and if you want to shop somewhere new and unfamiliar, research the company online to make sure it’s legitimate.

Make sure you use secure sites

You’ll want to use sites that use HTTPS instead of HTTP. Websites that have HTTPS in their URL will encrypt all information sent between your browser and the website. If this is too boring to remember (it is) just look for a little lock right beside the URL in your web address bar. Keep in mind that this is not a guarantee that the website is safe, but this does add an extra layer of security.

Check your bank statements regularly

Check your bank statement online, and check it often to ensure that no suspicious activity has transpired in any of your depleted accounts. Call your bank immediately if you notice something is off. And while it is highly suspicious that you bought an EZ Bake oven for yourself, that’s not the type of suspicious activity you’re looking for.

Do all that boring stuff we always tell you to do

Update your passwords regularly. Don’t use the same password twice. Ensure your computer’s software is up-to-date. Use anti-virus software. Don’t hand out your social security number like it’s Monica’s Christmas candy. Appreciate all Friends references.

Avoid using your credit card when possible

No, that doesn’t mean you should use debit. In fact, please don’t! But apps like Apple Pay are more secure, and many large retailers are now accepting Apple Pay through their apps. Many banks also offer virtual credit cards specifically for online transactions so that your real card number doesn’t fall into the wrong hands. Unless the wrong hands are also your hands, in which case I cannot help you.

Don’t shop on websites using your mobile browser

It’s hard to see if they’re secure. Instead, use the retailer’s app. Yes, this means you must download yet another app as you’re hunched over your desk at work just trying to buy a pair of boots before anyone notices you haven’t sent the invoice you promised Cathy, but Cathy can wait. This is your online safety we’re talking about, Cathy!!

Don’t click on links

Type the website URL directly into your browser’s address bar instead of clicking on links sent to you through email, text, or other messaging apps. Scammers will often send emails or messages that look exactly like a retailer’s marketing materials, but these links will direct you to a fake website or install malware on your device.

Spend all your money!!!

Max out those credit cards and drain your accounts. If you have nothing to steal, scammers cannot steal from you. (This is obviously a joke – it’s important to spend wisely and make sure that you have money left over for food. Do you have money to buy me food? Just kidding. Unless you’re offering.)

Black Friday and Cyber Monday are a great way to temporarily escape from the dreary prison of your life. Just make sure to follow these tips so you can ensure that you are the only one spending your money. Happy shopping!!