Cybercriminals will be looking to exploit shoppers during the Black Friday sales – an expert from Sheffield cyber security firm CSS Assure has warned.
People in the UK are planning to spend an estimated £3.95bn on Black Friday, November 25, and Cyber Monday, November 28, purchases this year, according to research by comparison site Finder.
Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said bargain hunters lowering their guards during the rush to bag the best deals are at greater risk of malicious threats.
He added: “In the run-up to and during Black Friday and Cyber Monday, many outlets will run promotional offers to encourage spending. This is a potentially lucrative time of year for cybercriminals as they know shoppers are less vigilant as they rush to snap up the best deals.
“Cyber criminals will no doubt be looking to take advantage of the vast amount of transactions taking place and the financial information being shared as a result. There is also an increase in promotional email traffic, which makes it hard to differentiate the real bargains from scams – presenting a heightened risk of phishing attacks.
“With this in mind, it is important consumers take steps to protect themselves and their families during two of the biggest shopping days of the year.”
“Firstly, shoppers should change their passwords right away. While this is a faff, it is the single greatest defence you can make to protect yourself against a cyber attack and will instantly make you much safer online.
“Currently, there are millions of emails and passwords for sale on the dark web, which have been breached by companies that have not protected people’s personal data sufficiently. Cybercriminals can buy this data for minimal amounts of money and gain access to your emails.
“They will look for social media accounts and online high street accounts and test your combination to gain access. From this, they can gather more personal data until they have enough to conduct identity theft, which could result in credit being taken out in your name or using your saved payment cards to make online purchases, for example.”
Personal data breach identification
“It is a good idea to understand whether your data has been breached so you can put in place other necessary measures to protect yourself. To do this you can use a free service provided by Have I Been Pwned. All you need to do is enter your email address and the site will tell you whether it is associated with a breach and if so, what other data has been stolen.
“If you have been breached, it is even more important that you change your password to break the chain. Next, you need to understand whether you have been entered into any spambots – as the name suggests, these are bots that send spam to you.
“While some spam is laughable, others are highly credible. If you’re rushing, there’s a higher change you will click a link in a spam email, which could execute malware or ransomware on your device.
“Unfortunately, the only way to rectify and avoid your exposure to spam – and, in turn, the chances of clicking on a malicious link – is by changing your email address. This is best done by transitioning email address information on websites over a period time. While this is an arduous task, it is an effective and vital way to protect yourself.”
Check your anti-virus protection
“Finally, make sure your anti-virus protection is installed, activated with a valid licence and updated. While free anti-virus software is available, in life you get what you pay for and it may not protect you sufficiently. Competition to provide the best anti-virus changes year on year between the main vendors as they achieve technology breakthroughs in response to the evolution in cyber threats.
“The best thing to do is check reputable tech websites for reviews of the best current anti-virus software. We recommend buying a one-year licence, and then when it comes to renew, assess which company has moved to the forefront of anti-malware protection. There will always be new customer deals to be had.”