The Black Friday sales period, along with other online shopping events like Cyber Monday, provides the perfect playground for cybercriminals. The sharp increase in online commerce and in the number of shoppers lets attackers exploit consumers' search for attractive deals and target them with highly sophisticated attacks, including attacks that use AI-based tools.
According to Yossi Tal, CEO of CYFOX, a cybersecurity company specializing in providing information security solutions to managed security service providers (MSSPs), the attacks can be divided into two main categories:
Attacks on Websites
The primary goal of these attacks is to breach website security systems and steal sensitive information such as usernames, passwords, and credit card numbers. Attackers exploit website vulnerabilities to gain access to critical data.
Social Engineering-Based Attacks
This category involves sophisticated techniques designed to trick users into disclosing sensitive information or performing actions that benefit attackers. A common method is creating fake websites that appear entirely legitimate and impersonate well-known retailers. These sites serve as traps for financial fraud and personal data theft.
Other tactics used by attackers include:
Phishing
Emails impersonating official communications from well-known websites, often incorporating convincing logos and content, aim to lure users to fake websites with tempting offers or fictitious discounts.
Ad-Based Attacks on Legitimate Websites
A common technique involves the use of malicious iFrames, where harmful content is embedded in advertisements on legitimate websites. When users click on these ads, they are exposed to seemingly legitimate content while malicious code is simultaneously installed on their devices.
Social Media Scam Ads
Posts on social media pretending to announce sales and deals often lead to malicious links. These can compromise user security by stealing passwords or other vital personal data.
How to Stay Safe During Online Shopping Events
To protect yourself during this online shopping season and shop with peace of mind, Nir Yehoshua, a researcher at CYFOX, recommends following a few essential rules:
- Verify Credibility
Ensure the credibility of websites before making a purchase. Check that the sites are secured with the HTTPS protocol and belong to reputable retailers.
- Beware of Suspicious Messages
Avoid clicking on links from unknown sources or on offers that seem "too good to be true." When in doubt, visit the retailer's official website directly.
- Enable Two-Factor Authentication (2FA)
Adding this extra layer of security can prevent unauthorized access to your accounts.
- Use Limited Payment Methods
Opt for single-use credit cards or cards with low limits to minimize potential damage in case of a breach.
- Update Third-Party Apps and Operating Systems
Keeping systems and apps updated ensures protection against malware exploiting outdated systems.
- Use Mobile Apps
Mobile apps are harder to manipulate for phishing than traditional browsing methods.
- Raise Awareness
Being aware of potential threats and vulnerabilities is crucial. You don’t need to become an expert, but understanding these risks increases vigilance.
Remember, the "best deal" could end up costing you a lot if you don’t take basic safety measures.