How to Avoid Cyber Monday Phishing Attacks

Posted by Geraldine Hunt on Mon, Nov 27th, 2017

It looks like Black Friday and Cyber Monday this year is proving to be a major success for retailers across the globe.  As usual, cybercriminals are ready to take advantage of the busy holiday shopping season.  Last Friday, online shoppers doing a Google search for “Amazon” may have been directed to a phoney website that appeared at the top of the results for that word search.  Those who clicked on the fake Amazon link were directed to a site informing them their computer was infected with malware.  The page instructed them to call a bogus Microsoft support number where scammers were waiting to milk them out of $150 to fix the bogus problem.

Yes, it is starting to look a lot like the holidays from a cybersecurity perspective. The weekend from Black Friday' through to  ‘Cyber Monday' is the busiest four days of the year for online shopping. Cyber Monday came into being in 2005 when it was noticed that there was a spike in online sales the Monday after Thanksgiving, it’s essentially an attempt to jumpstart the holiday shopping season. Americans are expected to spend $680 billion this holiday season, marking a 3.6 percent to 4 percent increase from last year’s $655.8 billion, according to estimates released by the National Retail Federation.

On-Line Scams to Dupe Users

It is estimated there were 50 million fraudulent cyber attempts to dupe users during the holiday season of 2016.  With the sophistication of today’s scammers and cybercriminals, that number will undoubtedly be eclipsed this year.   The holiday season is an ideal time for cyber conmen for a host of reasons:

• Shoppers have a sense of urgency to purchase lots of  gifts in a short amount of time
• Users are trying to find deals and may not be as scrupulous due to the stress of the holidays
• Many people who are not as savvy or experienced with the Internet are shopping online
• Retail websites are swamped with traffic, making it harder to distinguish security threats

Holiday Malware Threats

Studies have shown that phishing link attacks rise by as much as 336% at the outset of the holiday season.  Some of the common themes include package delivery confirmation, online greeting cards, promotional coupons or special sales as well as phoney refunds.  A new trend this year will be schemes derived around asking users to come to the store to pick up their online purchases.  Users will click an enclosed link that will initiate malware deployment or be redirect them to a phoney website.

It isn’t just shoppers that are under siege over the holidays.  Retailers themselves face added cyber threats as well.  The threat of DDoS attacks more than doubles during this period.  In addition, the huge spike in legitimate online traffic can be the perfect camouflage for hackers to infiltrate a retailer under the radar.

How to Lessen Cyber Threats

As email inboxes fill with Cyber Monday special offers the risk of phishing and spam emails being treated as legitimate increases. As employees shopping from the workplace get carried away with phenomenal offers, the thrill of the bargain will see many momentarily forgetting even the basic email security precautions.

To stay safe while shopping online this Cyber Monday,  follow these simple guidelines:

• Be wary of all unsolicited promotions you do not subscribe to.  Confirm that the email address is the actual domain of the retailer.
• Be wary of any deals that are too good to be true. 
• Assume any unsolicited delivery confirmation for packages is a scam.  If you are expecting a package, go to the actual tracking site for the shipping company and manually check the status of the delivery.  Keep in mind that half of all email today is SPAM.
• Always, always make sure the retail site you are logging onto is secured by the SSL protocol by confirming the existence of HTTPS at the beginning of the URL.
• Always use a credit card for online transactions rather than a debit card
• Always shop online using a device that is fully patched and up to date.  It should also have some type of endpoint security protection software installed on it.
• Although your employer may not like it, shopping after hours or during your lunch hour from within the enterprise of your employer is probably much safer than anywhere else.  This is because your employer most likely has some type of enterprise-grade firewall protection as well as a web filtering service.
• Be sure to check all of your credit card and bank statements for the holiday period to confirm all transactions are yours.

With a few simple steps and a dose of extra attentiveness, you can make sure that malware and cybercriminals don’t ruin your holiday season.

Layering end-user security awareness training with a powerful email security solution that offers anti-phishing protection is vital. SpamTitan blocks over 99% of all spam, phishing emails and malware before it ever reaches your mail server or user inboxes.  Would you like to learn more about how SpamTitan Cloud can protect your business? Contact us here!