InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
Soon the shopping season will be in full flow. Black Friday and Cyber Monday tempt us with their discount offers, and online stores are devoting all of their resources to boosting the number of purchases we make. The massive onslaught of deals and promotions being presented to online shoppers makes it that much easier for cyber criminals to launch their malware campaigns and grab a slice of the cake. It is best to be good and ready for these days. In this blog article, you can find out about the most popular methods of attack and how to protect yourself against them.
Cyber criminals use the shopping momentum of Black Friday and Cyber Monday to launch their malware campaigns. Their attack methods range from simple phishing attacks in the form of fake gift certificates to malware for stealing credit card details or formjacking.
Cyber criminals want to reach the widest possible number of people. This is why they focus primarily on large online stores, which are exploited using the following attack methods:
To make the above scams look as real as possible, cyber criminals register fake web domains beforehand and obtain valid certificates for the phishing sites based on subtle variants of the real URL websites.
Cyber Security Tip No. 1
Our cyber security experts summarised the most important rules for handling e-mails and provided the most important tips and tricks in a free phishing poster.
On Black Friday and Cyber Monday, cyber criminals also tend to use social media as a means of attack to gain even greater reach. Popular items are then offered at discount prices, or bargain hunters are baited using fake gift vouchers. Again, clicking on the link will take you to a phishing site. The cyber criminals will try to get you to make a card payment or a bank transfer so that they can gain access to your data. In an earlier blog article we already explored some social media phishing methods.
Cyber Security Tip No. 2
The high level of online shopping activity during Black Friday and Cyber Monday means that online shoppers are expecting to receive order and delivery notifications. Cyber criminals take advantage of this and send the online shoppers a fake text message containing a link. These links in turn lead to a phishing site where the user data and passwords are retrieved once the user enters them.
It is particularly hard with smishing for online shoppers to tell whether the message they have received is authentic, as compared to an e-mail, not much information is available. No header can be used to check the sender's authenticity. There is no short URL that could look strange or suspicious. This is why smishing is becoming increasingly popular with cyber criminals.
Cyber Security Tip No. 3
Formjacking, also known as web skimming or magecart, is a cyber-attack where the attacker infiltrates a malicious code into the targeted website or online store. This malware targets online shoppers when they attempt to complete an order in their shopping basket. As soon as the payment information is entered in the online form, the malware captures this data (including bank card details) and transfers it directly to the cyber criminals. Magecart is the name given to this method. It is an association of criminal hacker groups that specialise in online shopping cart systems that steal customer data and payment information. The consequences of attacks of this type can be catastrophic. Apart from the financial and reputational damage caused, customers lose confidence in the online store concerned and often never return.
Cyber Security Tip No. 4
Online shoppers who enter bank card details online are the main victims of web skimming. However, in the majority of cases, the problem must be solved by companies that provide support with payment forms on websites. To prevent user data from being leaked through the website, regular updating of all software including web applications (CMS and plugins) is recommended. CMS components should only be installed if they are from trusted sources. You should ad here to a strict CMS access policy for example the two-factor authentication and regular security audits of the payment form.
It is important to be aware of the threat so that you too can shop online on Black Friday and Cyber Monday. This means that you need to be able to recognise phishing attacks and know how they can be outsmarted. Companies also need to create awareness of phishing among their employees in a targeted way. You can find more information about security awareness, phishing and social engineering, as well as a quiz to test your security awareness on our security awareness knowledge website!