Got a big sale planned for Black Friday? With the economy as strong as it is, retailers (and other businesses getting into the Black Friday act) should see some pretty good returns from their promotions this year. But IT Security professionals need to be ready: Black Friday is a big draw for cybercrime and fraud.
Good News and Bad News About Shopping This Week
|The Good News||The Bad News|
|Thanksgiving||The volume of transactions on Thanksgiving Day is expected to increase by 23% in 2018 as compared to 2017.||The volume of fraud attempts on Thanksgiving Day is expected to be 1.80%. That means, if you serve 100 customers on Thanksgiving, two of them will probably be attempting to defraud you.|
|Black Friday||The volume of transactions on Black Friday is expected to increase by 19% in 2018 as compared to 2017. This is a significant increase, considering it’s preceded by an even greater increase the day before!||The volume of fraud attempts on Black Friday is expected to be 1.30%. Not as bad as Thanksgiving, but at least one of those 100 customers is still up to no good.|
|Cyber Monday||The volume of transactions on Cyber Monday is expected to increase by 14% in 2018 as compared to 2017. True to its name, a lot of these sales will be online purchases.||The volume of fraud attempts on Cyber Monday is expected to be 0.93%. In addition to traditional online channels, “buy online, pick up in-store” and call centers will be areas of focus for cybercriminals|
(source: ACI Worldwide)
“As more consumers purchase big ticket items like smartphones, TVs and other electronics, we expect the attempted fraud average ticket price to be higher this year than in previous years. Fraudsters will also keep an eye on items that have limited inventory as it gives them an additional opportunity to steal and sell those items on the dark market for a higher price; consumers and merchants alike must be vigilant in such cases.”
– Erika Dietrich, global director, Payments Risk, ACI Worldwide
It Isn’t Just Retailers Who Need to Worry about IT Security This Week
Clearly, retailers need to be extra wary this year, but so do organizations for whom Thanksgiving week is business as usual.
Data from the latest Pew Research poll shows that eight out of ten people shop online. It’s a safe bet that many of these shoppers are using work resources to do so. Even if they end up making a purchase at the store or on their smartphone, they may browse gift-giving options while on break. Worse, they could click a link in an email that seems to be offering a sale on the item they were just looking for on another site only to fall victim to a phishing scheme.
Spear phishing, tricking a person into opening an attachment or clicking on a malicious link, is still the most common attack vector (by a long shot) used by cybercriminals to spread malware or steal credentials. Why? Because it works. And phishing attempts have historically gone up during the peak holiday season because cybercriminals know that many shoppers are specifically looking for great deals on hard to find items.
Source: Symantec Internet Security Threat Report, Volume 23, April 2018
This would be a good time to remind all employees about the dangers of opening attachments and clicking on links from unknown sources. Even if it looks like the email is from someone you know, if something seems off, e.g., an email from the individual’s personal email account, pick up the phone and call the sender before you open the attachment.
If the email includes a link, you can also hover your mouse over it to see if the URL that pops up matches the URL shown in the email. If not, don’t click! Or, of course, if the email appears to be from a reputable vendor, you can simply go directly to that vendor’s site and search for the deal.
Be an Informed Cyber Shopper
TierPoint’s Chief Security Officer, Paul Mazzucco, shared his advice with employees on how to avoid holiday shopping fraud and scams this year, “I strongly encourage all TierPoint employees to pay close attention to website redirects from email campaigns. Hover your mouse over the link provided and see if the URL that pops up matches the URL shown in the email. An even better option is to simply read the advertisement, and then type in the main shopping sites URL directly.”
Assess your threat risks
Looking for more ways to decrease your cyber risk this holiday season? Request a Security Assessment from one of our IT security advisors and we’ll deliver the results and recommendations to strengthen your security posture.