Companies and customers must work together to beat the hackers and scammers.
In the days after Thanksgiving, Americans and Europeans will splurge their savings online and in stores, taking advantage of price cuts leading up to Christmas.
Yet while there are bargains to be had, the event will attract cybercriminals by the dozen, aware that everyone is looking for the best deal and likely not being as careful as they should be. To keep you protected, we have assembled the best from the cybersecurity industry, with their top tips to keep you safe online.
1) Malicious adverts will lead to scams
Throughout the year we have seen a great many scams piggybacking on popular events, and Black Friday is unlikely to be any different in that regard.
Adam Kujawa, head of malware intelligence at Malwarebytes, said: "Users are always on the lookout for great deals, especially on Black Friday and Cyber Monday, and just as with any other time of the year, malicious actors take advantage of these desires by creating ‘click-bait’ ads or posting links to ‘the best deal ever’, always leading to either a survey, a scam site or even drive-by exploits."
Users are advised to treat such offers with scepticism, especially when the source is unfamiliar. Antivirus software should also be kept up to date, so that if a convincing advert does trick you, you are protected against infection.
2) DDoS attack might be mistaken for customer surge
Distributed denial-of-service (DDoS) attacks are often used by political campaigners looking to embarrass organisations, or even by hackers seeking to amuse themselves. Attackers instigate one by hijacking other computers and spamming a server with traffic, causing the system to slow down or even crash.
"Cyber Monday is synonymous with increased web traffic, and retailers determined to meet their customers’ expectations run the risk of mistaking high volumes of web traffic as popular demand for their products, rather than an orchestrated attack designed to bring down websites," said Del Heppenstall, a director in cyber security at professional services firm KPMG.
"A ‘promote and deliver at all costs’ mentality may drive immediate sales, but the long-term cost if customer data is compromised will outweigh any profits made on the day.
"Cybercriminals may not be able to turn what they discover into cash immediately, but what they glean can provide a gold mine for identity theft if login, payment and other details are easy to access."
3) Brands could be damaged due to fraud
Though customers are the first victims in cases of identity theft and cyber-fraud, the knock-on effect on corporations also exploited by crooks can be even more severe.
Fraudulent emails and offers often make use of legitimate logos and branding to seem more plausible. Stuart Fuller, director of commercial operations at NetNames, said that the opportunity for growth online must be weighed against the risks of cybercriminals misusing your assets and image in spam campaigns.
"For online retailers and FMCG brands, safeguarding your genuine customer traffic and protecting your legitimate route-to-market is of paramount importance to maximise the opportunities that the online channels offer to grow sales at Christmas," he said.
4) Obfuscation must safeguard customer databases
This year has firmly established the so-called "mega breach" in the minds of the public, with large American retailers such as Target and Home Depot raising the profile of cybercrime around the globe.
If the Christmas season is not to be a repetition of the past, action must be taken to protect customer data, which is stolen by cybercriminals to be sold online at a later date. Paul Ayers, VP of EMEA at data security company Vormetric, said retailers must ensure they have adequate fraud protection and detection.
"The best way to mitigate the impact of data loss, which is becoming an increasingly likely scenario, is to make sure that all data amassed is stored in obfuscated form so that it is useless to any would-be hackers," he said. "Equally, all web traffic and database activity should be looked at with caution and anomalous behaviour or suspicious activity notification alerts should be acted upon immediately and not dismissed."
5) Analytics could be used to defeat phishing
As with the malicious advertising described above, hackers will make use of phishing emails during the Christmas season to divert users to phishing pages or install malware, often exploiting company branding.
In the past, companies have been powerless to fend off spam email campaigns, which can even spoof email addresses to appear to be sent from a legitimate source. However, Patrick Peterson, CEO of the security firm Agari, believes new analytics tools will allow real-time monitoring and mitigation of such campaigns.
"They need to urgently move away from simple signature-based methods for email authentication, and start using more intelligent and analytical-based solutions that continuously track cyber-criminal activity and monitor domain traffic in real-time," he said. "In doing so, email-borne cyber-attacks can not only be spotted well in advance and taken down, but also their point of origin in the world can be established."