THREAT ALERT

Black Friday and Cyber Monday: High Deals, Higher Cyber Risks

Friday, November 22nd, 2024

VIEW ALL THREAT ALERTS

Cyber security risk management solutions from DefenseStorm.

As the excitement of Black Friday and Cyber Monday draws shoppers in with unbeatable deals and discounts, it’s important to remember that the online shopping frenzy also brings increased cybersecurity risks.

As the excitement of Black Friday and Cyber Monday draws shoppers in with unbeatable deals and discounts, it’s important to remember that the online shopping frenzy also brings increased cybersecurity risks. While consumers race to snag the best bargains, cybercriminals are equally eager to exploit vulnerabilities, using tactics such as phishing scams, fake websites, and open Wi-Fi and vulnerable devices. This heightened risk requires vigilance from both shoppers and businesses to ensure that the only thing being stolen this season is the savings.

Summary – Zooming In

Here’s what you need to know and stay safe while hunting for discounts.

  1. Beware of Phishing Scams: Phishing attacks are one of the most common methods cybercriminals use to target online shoppers. During the shopping frenzy, you may receive emails or text messages that seem like legitimate offers from trusted brands. These messages often contain links that lead to fake websites designed to steal your personal and payment information.
    • Tip: Always verify the sender’s email address and look for any signs of inconsistency, such as poor grammar or suspicious URLs. Avoid clicking on links directly from emails. Instead, visit the retailer’s website by typing the URL into your browser.
  2. Fake Websites and “Too-Good-to-Be-True” Deals: Cybercriminals set up fake websites that mirror popular retail stores, offering “exclusive” deals. These sites may look convincing, but they’re designed to steal your money or personal data.
    • Tip: Always check the website’s URL to ensure it’s the official retailer’s site. Look for “https” in the address bar and a padlock symbol, which indicates a secure connection. If a deal seems too good to be true, it probably is.
  3. Protect Your Devices and Networks: Cybercriminals may also exploit vulnerabilities in your devices or network to access your personal data. Public Wi-Fi networks, often used during shopping trips, are particularly risky, as they can be a target for hackers to intercept information.
    • Tip: Avoid shopping on public Wi-Fi, or use a reliable VPN service to secure your connection. Ensure your devices have up-to-date antivirus software and strong passwords for extra protection.
  4. Monitor Your Accounts: After making purchases, it’s crucial to keep an eye on your bank and credit card statements for any unauthorized transactions. Promptly reporting suspicious activity can help minimize damage if your information is compromised.
    • Tip: Set up alerts on your bank or credit card accounts to receive notifications of any unusual transactions in real-time.

Final Thoughts

While Black Friday and Cyber Monday offer amazing deals, they also present significant cybersecurity risks. By staying vigilant and following these tips, you can enjoy the discounts without falling victim to fraud. Remember, the best protection against cyber threats is awareness and proactive caution. Happy shopping, and stay safe!

DefenseStorm Recommendations 

Continuous research is being conducted for all newly discovered or recurring malware and ransomware. As always, DefenseStorm recommends the following practices to help secure your environment:

  • Continued internal training for phishing campaigns
  • Block threat indicators at their respective controls
  • Keep all systems and software updated to the latest patched versions to best protect against all known security vulnerabilities
  • Maintain a strong password policy
  • Enable multi-factor authentication
  • Regularly back up data, air gap, and password backup copies offline
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location
  • Use app hardening
  • Restrict administrative access

 

Diana Rodriguez

Cyber Threat Intelligence Engineer

Diana Rodriguez is a Cyber Threat Intelligence Engineer for DefenseStorm. She joined DefenseStorm in 2019 with 9.5 years of experience in cybersecurity and banking. Diana’s career began at Wells Fargo where she played a pivotal role in protecting financial institutions. Over the 5 years with Wells Fargo, she held diverse positions there, first starting as a teller, then transitioning to become a financial crime analyst, and eventually a cyber security analyst. This experience provided her with a comprehensive understanding of the intricacies of the banking industry and the critical importance of cybersecurity in protecting sensitive data. Diana holds a Bachelor’s degree in computer science from UNCC and a Master’s Degree in Cybersecurity from UNC at Chapel Hill. She completed the MITRE ATT&CK® Defender certifications which provided her with the expertise to effectively apply knowledge of adversary behaviors, enhancing security configurations, analytics, and decision-making to provide the utmost protection for DefenseStorm’s clients. Diana also holds the GIAC Certified Incident Handler and NSE1, and NSE2. During her tenure at DefenseStorm, she has become proficient in the platform, taking an active role in proactively detecting and responding to cyber threats. She’s played a vital role in developing new policies and advanced analytics to detect and prevent potential attacks effectively while educating and empowering customers to optimize the DefenseStorm services to fortify their security measures.