This year, Black Friday might look a bit different than in recent years.
As we work through the second wave of the pandemic, many people will be looking to take advantage of Black Friday deals online, turning Black Friday into an extended Cyber Monday. E-commerce holiday spending is expected to increase by 25-35% this year, compared to 14.9% last year, and many consumers look to Black Friday sales as a time to save big on holiday spending, which holds especially true when unemployment rates are high and money is tight. This increase in online spending brings out the worst in cyber criminals as they move to take advantage of those looking for the best deals. Not only do these criminals pose a risk to consumers, they also test the security of retailer websites. In 2019, Macy’s experienced a data breach in which Magecart malware was used to run a card-skimming scam on its checkout page, affecting customers’ personal information such as name, address, and credit card information. The security of retailer websites has always been important to protecting consumers; however, as the pandemic pushes consumers to do more online shopping, the number of bad actors looking to take advantage will continue to rise.
So how can retailers and consumers protect themselves against cyber criminals? Below we have some best practice tips for both the consumer and the retailer to ensure a safe Black Friday shopping experience.
A few tips for consumers when shopping this holiday season:
- Don’t fall victim to phishing
As we’ve discussed many times before, phishing scams are a popular way for cyber criminals to gain access to your credentials. As Black Friday approaches, you may start to get bombarded with emails asking you to click for the best deals, prizes, or even gift cards. Be very careful with any links you click, as many of these “too good to be true” offers could come from holiday scammers. In addition, be wary of emails appearing to be related to your online accounts or purchases you have made, and scrutinize whether they are in fact from the company in question or potentially fraudulent attempts to get you to reveal personal and banking information. The best course of action is always to contact the company directly if there is any doubt.
- Always check that the website/checkout is secure
When entering your credit card information and personal details online, you should always make sure that the website is secure by looking for the lock in the address bar. This is especially important when using the checkout page.
- Use reputable websites/check URLs
Always make purchases from a reputable site. Many reputable retailers have had copycat sites created offering huge savings on merchandise. Usually we see an increase in copycat sites around the holidays with lookalike domain names. Always be sure to check the URL of the site you’re using to ensure there are no random words, numbers or letters, and again make sure it’s secure. If you are shopping on a new site, a quick search could provide valuable information about the reputation of the website.
- Use a third-party payment method
A great way to protect your credit card and personal information is to use a third-party payment method such as PayPal or Venmo. When utilizing these services, your personal information isn’t shared with the retailer. PayPal also offers payback protection: if the consumer doesn’t receive the merchandise they ordered, PayPal has them covered.
- Use a secure network
Whenever entering sensitive information online, you should only ever make those transactions on a secure network, taking into account best practices for public WiFi. Never make purchases online or share this information over a public network.
- Monitor your accounts and credit cards
When you’re making purchases online, always monitor your accounts for unknown purchases and notify your bank immediately if you see something on your account that shouldn’t be there. This time of year you likely have more transactions than usual and we can easily lose track of them, so do yourself a favour and take a moment here and there to ensure all of your account activities add up.
- Create strong passwords
Always create strong passwords for each account, especially those where you have to enter personal information. Never use the same password across different accounts.
Although consumers should be aware of the above as they’re shopping online, retailers are also responsible for keeping their customers safe.
Below are a few best practice tips for retailers:
- Secure your cloud
Cloud providers are only responsible for protecting the cloud infrastructure itself, not the applications you’re hosting. It’s the retailer’s responsibility to protect their data, applications and virtual infrastructures. Talk to your security provider about best practices for securing your cloud.
- Protect from card-skimming
Retailers are at risk of falling victim to card-skimming scams like Magecart, as Macy’s did in 2019. Retailers should be on the lookout for malicious third-party code on their websites and checkout pages.
- Fix vulnerabilities
Run vulnerability assessments on your website, applications and systems making sure to keep everything up to date. Ensure that all software and firmware is up to date and patched in a timely fashion to help prevent any attempted attacks from being successful. For in-house and custom applications, following secure coding methodologies and performing rigorous and regular testing of applications by capable penetration testers is a must to protect both your data and your business.
- Encrypt customer data
Ensuring that all customer and otherwise sensitive data is encrypted is a generally accepted best practice, mandated by law in many cases, and hopefully goes without saying. Encrypting data properly can go a long way to preventing breaches, but we must follow best practices for what type and method of encryption is used, both at rest and in motion, as well as being mindful of how and where keys are stored and managed.
- Hire a security provider
For retailers who don’t have an in-house security team, hiring a trusted security firm is a great option. Advisory services can help to assess and design the right security posture to reflect your requirements. Professional Services engagements can efficiently accomplish work like optimization and testing that benefits from the eyes of experts. Finally, Managed Services give you the peace of mind that someone is always watching, ready to respond when attacks happen.
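To make the card-skimming tip above concrete, here is one way a retailer could audit the scripts loaded by a checkout page. This is an added example, not code from the original article; the host names, the allowlist and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts the retailer has approved to serve script on checkout.
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}

class ScriptAudit(HTMLParser):
    """Collects external <script> tags that a reviewer should look at."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.allowed = allowed_hosts
        self.findings = []  # list of (src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline scripts are out of scope for this check
        url = urlparse(urljoin(self.page_url, src))  # resolve relative src
        if url.scheme != "https":
            self.findings.append((src, "not loaded over HTTPS"))
        if url.hostname not in self.allowed:
            self.findings.append((src, "host not on allowlist"))
        elif url.hostname != self.page_host and not a.get("integrity"):
            self.findings.append((src, "third-party script without SRI"))

def audit_checkout(html, page_url, allowed_hosts=ALLOWED_HOSTS):
    parser = ScriptAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample checkout markup (not taken from any real retailer).
SAMPLE = """
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://js.payments.example/widgets.js"></script>
<script src="https://cdn.analytics-metrics.example/collect.js"></script>
<script src="http://shop.example/legacy.js"></script>
"""

if __name__ == "__main__":
    for src, reason in audit_checkout(SAMPLE, "https://shop.example/checkout"):
        print(f"{reason}: {src}")
```

Running a check like this against the rendered checkout page on every deploy, and alerting when a new host appears, turns "be on the lookout" into a repeatable control; a Content-Security-Policy that restricts script sources enforces the same allowlist in the browser.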
What’s important to remember is to stay safe and secure (both you and the organization you represent!) when browsing online. Remember to always shop with trusted sources, and if it seems too good to be true, it probably is! If you have any questions on best practices, we’d love to help. Reach out to us at firstname.lastname@example.org to find out more.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT, and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services and how we can improve your organization’s security, or just want to chat security, please give us a shout.