For many, Black Friday 2022 marks the official start of the Christmas shopping season, and many retailers announce time-limited sales that promise huge savings to consumers. But it is also prime time for cyber criminals to cash in.
While consumers rush to grab themselves a bargain, they may get caught out by a phishing scam. Phishing links commonly lead to fake login pages that prompt victims to authenticate themselves on their web account. For instance, victims may think they are logging into their favourite retailer account when, really, they are handing their username and password over to an attacker, who can use them to their advantage later. Although this affects users directly, it also damages the retailer’s reputation, which can be difficult to recover.
PayPal – a platform used to handle payments by many online retailers – is one of the most commonly mimicked websites. It is not only the retailer’s site that you need to be able to trust, but also the third-party applications used by that site.
Malware (as the portmanteau suggests) refers to any malicious software designed to harm a computer system by tracking user activity, hijacking functionality or stealing, deleting or encrypting data. Most malware enters your systems via email (widely reported at more than 90%). Statista reports that there were 2.8 billion malware attacks in the first six months of 2022 – more than half the number reported in the whole of 2021.
Malware is constantly proliferating and changing. AV Test describes how the total amount of malware has grown every year since 2008 (their first data point), and that 2021 saw the largest influx of new malware of any year on record.
Malware should be seen as a high-risk Black Friday cyber threat.
Formjacking is a form of ‘Magecart’ attack in which malicious code is injected into the checkout forms of a website, where it can go undetected for a long time. Cyber criminals use the hijacked web forms to steal personal and payment information from shoppers.
Ransomware encrypts files so that they are inaccessible to their owner. The cyber criminal then demands a ransom payment in return for releasing the locked files. Ransomware is delivered when legitimate ads are hacked (‘malvertising’), or through phishing emails and exploit kits. An attack has a consequential impact on consumers and on retailers and other businesses.
A staggering 3 in 4 IT leaders expressed a lack of confidence in their company’s IT security posture and saw room for improvement. Despite this, just 57% of companies conducted a data security risk assessment in 2020. Businesses need to step up their cyber security efforts to reduce these risks and minimise the impact of an attack.
The above attacks take place daily and are not specific to the holiday season or large events like Black Friday, but the volume and frequency of these attacks significantly increase during these times, as more consumers make purchases online.
Being aware of these threats is a step closer to preventing cyber attacks on Black Friday 2022 and during the holiday season to come. Businesses should balance their investments between security awareness training for employees and robust security measures that can help to scan their systems for suspicious activity. Similarly, consumers need to be better educated and made aware of potential threats.
If you find yourself the victim of a cyber incident, ESA Risk can help you with your response to the attack and to make you cyber-secure in the future, through the design and execution of a strong cyber security plan. Reach out to our Cyber Risk & Security Consultant, Graeme McGowan, at firstname.lastname@example.org, on +44 (0)843 515 8686 or via our contact form to find out more.