Black Friday Online Shopping Safety Checklist
November 2023 by SecurityHQ
Vigilance is urged during this 2023 Black Friday and Cyber Monday, as ‘AI generated scams enhance the threat to this year’s festive shoppers, as it’s revealed over 7 in 10 British people worry that AI will make it easier for criminals to commit online fraud’ – NCSC.
But while AI scams like voice cloning, romance scams, and language mimicking are on the rise, ‘93% of the biggest spenders, millennials aged 24-35, plan to shop during this coming weekend. And they spend an average of $419.52 per person.’ But with cyber security threats at an all-time high, how can shoppers and businesses stay cyber safe?
Here are our top tips for staying safe online, and the preventative measures that can be taken while shopping for your latest bargain.
1. Be Aware of Phishing & Quishing Attacks
SecurityHQ analysts have recently observed a significant increase in Business Email Compromise (BEC) involving phishing attacks that contain QR codes (Quishing) and captchas for credential harvesting. A Quishing attack works by tricking the user into scanning a QR code with a mobile phone. The QR code then redirects the user to a phishing or fake website that aims to steal their credentials.
Read more about Quishing, and how to spot QR Code vulnerabilities, here.
2. Read the Small Print
If something seems too good to be true, it probably is. While Black Friday deals can offer huge discounts that are genuine, people still need to make money. Anything ridiculously cheap is a red flag.
What to look for:
It is worth checking the reputation score of retailers to determine if that retailer can be trusted.
A website with no company address, or with no descriptions or specifications on its items, is a red flag. Look for the details. And do not base purchases solely on star ratings, as these can be fake.
Pop-ups that offer free electronics are obvious scams, containing malicious phishing links, and should be avoided at all costs.
Read the small print. Often cons are perfectly visible if you know what to look for. For example, you see a picture of a laptop being advertised, buy said laptop for a reduced rate without reading the small print, and receive a literal picture of a laptop in the post. The devil is in the detail.
3. Use Reputable Websites/Companies
Tried and Tested – Using websites that are globally known is a good way to avoid any nasty surprises. Even if it is a couple of pounds more, it is worth knowing where your money is going and that your purchase will be tracked and delivered.
Use Antivirus Software that will warn you of potentially dangerous sites in search results as well.
Look For Suspicious Emails, as well as suspicious calls and text messages. Never click on a link you are unsure of, and never provide personal information over the phone. Read more on email security, here.
4. Stop, Look, Check, Pay
Secure Sockets Layer (SSL) is used to ensure data is encrypted before being transmitted across the web. It is also an indication that an organisation has been verified. Keep an eye out for HTTPS in the address bar rather than HTTP, as this shows that a site uses SSL.
Make Sure the Website That You Intend to Shop on is Not a Copy of a legitimate one. Verify that the date and name of the organisation are consistent with the site you are visiting. And look for typos in the URL. Your best bet is to go directly to the website yourself, and not to access it through links on other sites/emails.
When using public Wi-Fi, use a VPN. It is the most effective way to stay safe and to stop hackers stealing your personal data while you are on an unsecured network.
5. Check Your Bank Account
Use a credit card or payment method which offers protection (i.e., PayPal).
Check your accounts regularly for fraudulent activity.
Only provide enough details to complete your purchase (no extra details required).
6. Keep Your Passwords Safe & Don’t Use Default Credentials
Default credentials used by applications and appliances are often published on the internet. This can be a big problem. An attacker will typically first scan your network to see where they can move next. If an attacker was lucky enough to identify applications or appliances with default credentials enabled, it won’t take them long to hunt on the internet for these published credentials. Read how to detect default credentials, here.
Finally, keep your passwords safe.