In the next few days you will most likely receive dozens of emails or commercials advertising huge sales and discounts for the Black Friday/ Cyber Monday weekend. In fact, many stores and websites have already started their sales ahead of time allowing you to skip the Black Friday rush. This Black Friday and Cyber Monday make sure you are secure when shopping online.
In order to avoid the insane crowds of Black Friday many have opted to do their holiday shopping online from the comfort of their home. Additionally, Cyber Monday offers savings exclusively online three days later. This means that over the course of the weekend you may be opening yourself up to a multitude of cyber attacks.
Here are some common ways cyber criminals may try to trick you into giving up more information than you'd like:
As previously mentioned, most companies like Amazon, Best Buy, Walmart, etc will send out mass emails advertising their biggest sales and discounts of the season. Bad actors often take advantage of this by sending out their own false emails with malicious links used to steal your information.
When checking your inbox for savings this weekend make sure you stop and examine what your reading first. Check for any spelling or grammatical errors within the email. This is often a dead giveaway that the email may have been sent by an impersonator. Make sure to also check who the email is coming from. Does the email address match what a typical address from Amazon looks like? You should also make sure to hover your cursor over any links or buttons to make sure that its redirecting you to where it says it is. Lastly, it's important to stop and think before you click. If a deal seems to good to be true it most likely is, stop and think for a moment to determine whether or not this email could be coming from a malicious hacker.
Let's say you do happen to click on one of these malicious links sent to you in a phishing email. Some links may get straight to it and download malicious code onto your device, but others may redirect you to a spoof website maintained by the cyber criminals. These websites may look shockingly similar to to real site. A fake Amazon website may include logos and images that look insanely convincing. The websites are set up with the intention of harvesting your login credentials so that they can gain access to your actual account on the real website.
For example, you click on a link claiming to be from Best Buy. You are redirected to a website that you think looks exactly like the Best Buy website you're used to visiting. You login to your Best Buy account to take advantage of the huge savings you read about in the email and now your username and password belong to the cyber criminal. This hacker can now navigate to the real Best Buy and use those credentials to impersonate you, buy items with your credit card, etc.
When shopping this Cyber Monday make sure that you aren't giving out your information on a spoof website. Double check the URL to make sure it is the actual address for the website. You can also look to the left of the address bar for a lock icon. This lock icon means that the search engine views this website as secure. Also make sure you aren't giving your information to websites using the HTTP protocol. As a general rule its smart to avoid websites that don't begin with HTTPS. HTTPS is the secure encrypted version of HTTP.
Many employees may share their devices between personal and work. Or they may use their work device to do some quick shopping while working on Monday. Therefore, shopping online can be a personal security issue but also a threat to any organization. Does your organization have the proper tools to protect against shopping online mishaps? If not, CorpInfoTech can help you be proactive, rather than reactive. Let us help you know where your gaps may be - let our cybersecurity experts help you.
When shopping online this Cyber Monday and Black Friday make sure that you aren't falling victim to these schemes. Think before you click and make sure that these sales are coming from who they say they are!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.