Black Friday beware: online shoppers face heightened cyberthreats as e-commerce attacks rise by 15%
November 2019 by Kaspersky Lab
As Black Friday continues to grow in popularity, online shoppers are more likely to be the victim of cyber-attacks, a new report from Kaspersky has revealed. E-commerce attacks targeted directly at shoppers have increased by 15% compared to last year – whilst Amazon has released an additional week of deals in the lead up to the big day, widening the threat landscape.
Black Friday has become the biggest annual consumer event, with 95% of consumers now aware of the day. But where shoppers used to head in-store for Black Friday, and then online for Cyber Monday – which also debuted in 2005 – the decline of the high street has forced more shoppers online. Figures from Black Friday Global revealed that last year only 12% of shoppers made their Black Friday purchases solely in-store. The resulting increase in retailer-specific apps and earlier access to deals from the direct comfort of consumer homes has encouraged shoppers to favour shopping entirely online, with 56% preferring online purchases over in-store purchases and 55% of people now using smartphones to make purchases during the Black Friday weekend. This increase in online shopping, combined with the heightened – and lengthened – shopping period means a heightened time for cyberattacks.
A new report from Kaspersky has highlighted the increased danger to consumers during these annual shopping days, where the likelihood of financial phishing attacks increases by 24% compared to the average value throughout the year. In the hope that consumers become less vigilant during the hunt for a good deal, hackers ramp up their activity, with almost a hundred consumer e-commerce sites and mobile applications becoming the target of malicious activity.
According to Kaspersky experts, in the first three quarters of 2019, fifteen families of financial malware targeted users of popular brands. This year, in addition to the already-known banking families such as Zeus, Betabot and Cridex Gozi, Kaspersky has also identified two new mobile bankers, Anubis and Gustuff. The hackers target e-commerce brands to hunt for user credentials like logins, passwords, card numbers, phone numbers and more. They seize the data from victims by intercepting input data on target sites, modifying the online page content, and/or redirecting visitors to phishing pages – showing a need for shoppers to be extra vigilant, and for retailers to help keep their customers safe.
“As Black Friday and Cyber Money draws near, shoppers must be on red alert. This is effectively hunting season for cybercriminals, who are on the prowl to steal personal details, card numbers or bank account credentials from unknowing victims.
“With financial fraud at an all-time high, people need to be reassured that their data and personal information is safe, or they will be less inclined to shop online. This is where businesses also have a part to play, stepping back and re-evaluating their IT security strategy to ensure there is a full lifecycle security plan in place, entailing: education for employees, the best defences to protect against attacks, and the most reliable tools for zero-day detection. There are also simple steps that consumers can follow to prevent Black Friday becoming the most dangerous time of the year online,” comments David Emm, Principal Security Researcher, Kaspersky.
Before getting carried away with Black Friday bargains, Kaspersky recommends the following steps to stay safe – or keep customers safe – when shopping online:
If you are a consumer
• Invest in a robust cybersecurity solution to protect all your devices you use to shop online.
• Backup your data regularly to avoid your personal files being lost if you are the target of a cyberattack.
• Keep Windows and other applications up to date.
• Use unique, complex passwords for every online account. If this seems too difficult, make a password manager the first thing you treat yourself to this Black Friday.
• Use extra caution when using your mobile device for online purchases. Shortened URLs, often used because they are phone-friendly, can hide the fact that they lead to a risky site. If you must make a transaction then and there, switch Wi-Fi off and use mobile data. Otherwise wait until you are back on a secured connection.
• Avoid shopping on websites that appear suspicious or flawed, no matter how great their Black Friday deals are.
• Don’t click on unfamiliar links you receive in emails or social media messages, even from people you know, unless you were expecting the message.
• Think about how much money you wish to spend in an online payment transaction account at any one time and don’t over-step this limit.
• Reduce the amount of funds you have in your bank and online accounts, or use a pre-paid card for online payments. The greater the balance, the more can be lost to fraudster.
• Restrict the number of attempted transactions on your bank card.
• Turn on and always use two-factor authentication (Verified by Visa, MasterCard Secure Code, etc.)
If you are an online brand or trader
• Use a reputable payment service and keep your online trading and payment platform software up to date. Every new update may contain critical patches to make the system less vulnerable to cybercriminals.
• Use a tailored IT and cybersecurity solution to protect your business and customers.
• Pay attention to the personal information used by customers who buy from you. Use a fraud prevention solution that you can adjust to your company profile and the profile of your customers.