CYBER criminals will be looking to exploit shoppers during the Black Friday and Cyber Monday sales – an expert from cyber security firm CSS Assure has warned.
With UK consumers planning to spend an estimated £5.6bn on Black Friday (24 November) and Cyber Monday (27 November) purchases this year, Charlotte Riley, director of information security at technology at CSS Assure, said bargain hunters lowering their guards during the rush to bag the best deals are at greater risk of malicious threats.
Charlotte said: “In the run-up to and during Black Friday and Cyber Monday, many outlets will run promotional offers to encourage spending. This is a potentially lucrative time of year for cyber criminals as they know shoppers are less vigilant as they rush to snap up the best deals.
“Cyber criminals will no doubt be looking to take advantage of the vast amount of transactions taking place and the financial information being shared as a result. There is also an increase in promotional email traffic, which makes it hard to differentiate the real bargains from scams – presenting a heightened risk of phishing attacks.
“With this in mind, it is important consumers take steps to protect themselves and their families during two of the biggest shopping days of the year.”
Password management
“Firstly, shoppers should think about the last time they changed their passwords, especially on important accounts. If their passwords are dated then strongly consider changing them, and, if possible, use a password management solution to ensure they are unique and appropriately complex.
“While this is a faff, it is the single greatest defence you can make to protect yourself against a cyber attack and will instantly make you much safer online. Adding an extra layer of security like two-factor authentication can prevent unauthorised access even if someone gets hold of your password.
“Currently, there are millions of emails and passwords for sale on the dark web, which have been breached by companies that have not protected people’s personal data sufficiently. Cyber criminals can buy this data for minimal amounts of money and gain access to your emails.
“They will look for social media accounts and online high street accounts and test your combination to gain access. From this, they can gather more personal data until they have enough to conduct identity theft, which could result in credit being taken out in your name or using your saved payment cards to make online purchases, for example.”
Personal data breach identification
“It is a good idea to understand whether your data has been breached so you can put in place other necessary measures to protect yourself. To do this you can use a free service provided by Have I Been Pwned. All you need to do is enter your email address and the site will tell you whether it is associated with a breach and if so, what other data has been stolen.
“If you have been breached, it is even more important that you change your password to break the chain. Next, you need to understand whether you have been entered into any spambots – as the name suggests, these are bots that send spam to you.
“While some spam is laughable, others are highly credible. If you’re rushing, there’s a higher change you will click a link in a spam email, which could execute malware or ransomware on your device.
“A blended strategy is best for rectifying and avoiding your exposure to spam – and, in turn, the chances of clicking on a malicious link.
“Start by enabling and customising your email provider’s spam filters to automatically detect and redirect suspicious emails to the spam folder. These settings – as well as your security and privacy options – should also be regularly reviewed or adjusted. Unsubscribe from unwanted newsletters or promotional emails, and make spam emails as junk within your email platform.
“Some email services offer the option to create disposable or temporary email addresses for specific purposes. This way if the address gets compromised or spammed, you can easily discard it without affecting your primary email. You should also be cautious about sharing your email address on public forums, social media, or unfamiliar websites to minimise exposure to potential spammers.
“While these may seem to be arduous tasks, they are effective and vital ways to protect yourself.”
Check your anti-virus protection
“Finally, make sure your anti-virus protection is installed, activated with a valid licence and updated. While free anti-virus software is available, in life you get what you pay for and it may not protect you sufficiently. Competition to provide the best anti-virus changes year on year between the main vendors as they achieve technology breakthroughs in response to the evolution in cyber threats.
“The best thing to do is check reputable tech websites for reviews of the best current anti-virus software. We recommend buying a one-year licence, and then when it comes to renew, assess which company has moved to the forefront of anti-malware protection. There will always be new customer deals to be had.”