Black Friday and Cyber Monday – two lucrative days for cyber criminals too

Soon the shopping season will be in full flow. Black Friday and Cyber Monday tempt us with their discount offers, and online stores are devoting all of their resources to boosting the number of purchases we make. The massive onslaught of deals and promotions being presented to online shoppers makes it that much easier for cyber criminals to launch their malware campaigns and grab a slice of the cake. It is best to be good and ready for these days. In this blog article, you can find out about the most popular methods of attack and how to protect yourself against them. 

Cyber criminals use the shopping momentum of Black Friday and Cyber Monday to launch their malware campaigns. Their attack methods range from simple phishing attacks in the form of fake gift certificates to malware for stealing credit card details or formjacking.

Cyber attack methods on Black Friday and Cyber Monday

E-mail scams

Cyber criminals want to reach the widest possible number of people. This is why they focus primarily on large online stores, which are exploited using the following attack methods:

• Counterfeit gift vouchers: One way to gain access to a customer account is to use counterfeit gift vouchers. The online shopper receives an e-mail containing a gift voucher. As soon as they click on the voucher link, they are redirected to a phishing site which intercepts the login information. By the time online shoppers realise that the page is not a genuine one, it is often too late.
• Fake logins: One of the most common methods used to attack a customer account is via a fake e-mail from the online store customer services team containing a log-in link. These e-mails can look deceptively real, especially if you have just shopped on the site. Here too, the link redirects you to a phishing site that retrieves your customer information.
• Trojans: The most dangerous method is the use of fraudulent e-mails with an attached order or invoice. This is usually a trojan, like Emotet for example. The Trojan is installed as soon as the attached document is opened and the macro is activated. Operating in the background on an infected computer, cyber criminals can then transfer money away as soon as an e-banking session is launched.

To make the above scams look as real as possible, cyber criminals register fake web domains beforehand and obtain valid certificates for the phishing sites based on subtle variants of the real URL websites.

Cyber Security Tip No. 1

• Do not open any attachments with vouchers or special offers. A valid offer should not ask you to click on a link or an attachment.
• Never click on links in e-mails. Thousands of fake websites look virtually identical to the real ones. If you want to shop on a website that you regularly visit, it's better to type the URL manually into your browser or save the website as a favourite.
• Be cautious with e-mail attachments and never activate the macro function.

Our cyber security experts summarised the most important rules for handling e-mails and provided the most important tips and tricks in a free phishing poster.

Fake special offers on social media

On Black Friday and Cyber Monday, cyber criminals also tend to use social media as a means of attack to gain even greater reach. Popular items are then offered at discount prices, or bargain hunters are baited using fake gift vouchers. Again, clicking on the link will take you to a phishing site. The cyber criminals will try to get you to make a card payment or a bank transfer so that they can gain access to your data. In an earlier blog article we already explored some social media phishing methods.

Cyber Security Tip No. 2

• When you are on social networks, you need to be particularly wary of goods that are way below the normal market price, even on Black Friday and Cyber Monday.

Smishing – Phishing using SMS text messages

The high level of online shopping activity during Black Friday and Cyber Monday means that online shoppers are expecting to receive order and delivery notifications. Cyber criminals take advantage of this and send the online shoppers a fake text message containing a link. These links in turn lead to a phishing site where the user data and passwords are retrieved once the user enters them.

It is particularly hard with smishing for online shoppers to tell whether the message they have received is authentic, as compared to an e-mail, not much information is available. No header can be used to check the sender's authenticity. There is no short URL that could look strange or suspicious. This is why smishing is becoming increasingly popular with cyber criminals.

Cyber Security Tip No. 3

• Never respond to text messages that contain links.
• Under no circumstances should you click on links.
• Only install mobile phone apps using the official app store and never when they are sent to you via a link in a text message.

Formjacking or web skimming

Formjacking, also known as web skimming or magecart, is a cyber-attack where the attacker infiltrates a malicious code into the targeted website or online store. This malware targets online shoppers when they attempt to complete an order in their shopping basket. As soon as the payment information is entered in the online form, the malware captures this data (including bank card details) and transfers it directly to the cyber criminals. Magecart is the name given to this method. It is an association of criminal hacker groups that specialise in online shopping cart systems that steal customer data and payment information. The consequences of attacks of this type can be catastrophic. Apart from the financial and reputational damage caused, customers lose confidence in the online store concerned and often never return.

Cyber Security Tip No. 4

• When shopping online, wherever possible you should pay by credit card and not by debit card. It is not always possible to get a refund because of web skimming with a debit card. Credit card issuers offer greater protection.
• Keep a watchful eye on your credit card statement. Unforeseen charges are generally the first sign that your card or even your entire “identity” has been stolen. If you discover anything suspicious, have the card blocked immediately.

Online shoppers who enter bank card details online are the main victims of web skimming. However, in the majority of cases, the problem must be solved by companies that provide support with payment forms on websites. To prevent user data from being leaked through the website, regular updating of all software including web applications (CMS and plugins) is recommended. CMS components should only be installed if they are from trusted sources. You should ad here to a strict CMS access policy for example the two-factor authentication and regular security audits of the payment form.

What about your security awareness?

It is important to be aware of the threat so that you too can shop online on Black Friday and Cyber Monday. This means that you need to be able to recognise phishing attacks and know how they can be outsmarted. Companies also need to create awareness of phishing among their employees in a targeted way. You can find more information about security awareness, phishing and social engineering, as well as a quiz to test your security awareness on our security awareness knowledge website!