Black Friday Tips: Black Friday and Cyber Monday have become unmissable events for shopping enthusiasts, offering unique opportunities for advantageous purchases.

However, these events attract not only buyers but also cybercriminals who exploit the increase in online traffic to conduct phishing and social engineering attacks. 

In this context, cybersecurity is crucial. During these periods, phishing, smishing (SMS phishing), and spoofing (creating fake websites) attacks increase significantly, exploiting the urgency and frenzy of shopping. Hackers aim to deceive users with tailor-made offers, often indistinguishable from real ones, to steal sensitive and financial data. 

How scam SMS work

Ermes – Browser Security

Ermes Browser Security, specialized in cybersecurity, highlights an increase of up to 400% in spear-phishing attacks during these periods. Companies and consumers must therefore be particularly vigilant, adopting robust security measures and maintaining a high level of awareness to recognize and prevent such threats. 

How to Shop Online Safely?

Recognize and Avoid Online Scams 

Black Friday and Cyber Monday are events that attract millions of online consumers, but with them come the risks of scams and online fraud. It’s essential to be informed and prepared to recognize and counter these threats. 

Beware of Fake Websites 

Fake or phishing websites are one of the most common traps during Black Friday. These sites mimic legitimate ones to deceive users and steal sensitive data. To identify them, it’s important to check the site’s URL, look for spelling or design errors, and verify the presence of cookie banners, mandatory in the European Union. A site without these banners could be a warning sign. 

Email and Phishing 

Phishing emails are another common tool used by cybercriminals. These communications can seem to come from legitimate sources and often contain links leading to fraudulent sites. It’s crucial to be cautious with emails requesting personal or financial information, especially if they contain offers that seem too good to be true. 

Offers Too Good to Be True 

During Black Friday, it’s common to come across incredible offers. However, some of these may be deceptive. Cybercriminals often use tempting offers to lure victims. It’s important to exercise skepticism and do additional research before proceeding with purchases from unknown sites or sellers. 

Always verify the authenticity of websites and emails, and be wary of offers that seem too good to be true. 

Online Shopping Security 

In the context of Black Friday and Cyber Monday, where online shopping opportunities multiply, it’s crucial to adopt effective security practices to protect your data and finances. Here are some fundamental strategies. 

Using Secure Websites 

The security of a website is the first factor to consider before making any purchase. It’s essential to verify that the site uses HTTPS, indicated by a padlock next to the URL, which guarantees a more secure and encrypted connection. Additionally, the presence of SSL (Secure Socket Layer) certificates is a further indicator of security, ensuring that transmitted data is protected. 

Using Credit Cards Over Debit Cards 

Using credit cards offers greater security guarantees compared to debit cards. Credit cards often include additional protections against fraud and identity theft and are not directly linked to the user’s personal funds, reducing the risk in case of fraudulent transactions. 

Password Management 

Effective password management is crucial for online security. It’s important to use complex passwords, unique for each account, and to change these credentials regularly. Using a password manager can help keep track of different passwords securely, avoiding the use of easily guessable or repeated passwords across multiple sites. 

Cybersecurity during Black Friday and Cyber Monday is not just a matter of technology but also of conscious and informed behavior. 

Protecting Personal and Financial Data 

In an era where online shopping has become the norm, protecting personal and financial data is of critical importance. Here are some key strategies for safe browsing and purchasing. 

Avoid Public Wi-Fi for Purchases 

Using public Wi-Fi networks, such as those in cafes, airports, or shopping centers, can be dangerous when making online transactions. These often-unsecured networks can be easily compromised by hackers looking to intercept sensitive data. To avoid risks, it’s advisable to use a private and secure network connection. If not possible, using a VPN (Virtual Private Network) can provide an additional level of security, encrypting transmitted data and making it much harder for malicious actors to access your information. 

Monitoring Bank Transactions 

Regularly checking bank statements is essential to promptly identify any suspicious or unauthorized activity. In case of unusual transactions, it’s important to contact the bank immediately to take necessary measures. Many banks offer real-time alert services, which can be an excellent tool for monitoring financial activity. Additionally, setting spending limits for credit and debit cards can reduce the risk of significant losses in case of fraud. 

Software Updates 

Keeping your devices updated is a crucial step for online security. Operating system, browser, and security software updates often include fixes for vulnerabilities recently discovered. These vulnerabilities, if unpatched, can be exploited by hackers to access devices and steal sensitive data. Therefore, it’s important to ensure that all devices used for online shopping are equipped with the latest software versions and security patches. 

Additional Online Security Tips 

  • Use Two-Factor Authentication (2FA): Where possible, activate two-factor authentication for online accounts. This adds an additional level of security beyond just a password. 
  • Be Cautious with Links in Emails and Messages: Avoid clicking on unsolicited links or messages. These could lead to phishing sites designed to steal information. 
  • Data Backups: Maintain regular backups of important data. In case of a ransomware attack or other problems, you will always have a copy of essential data. 

Small and concrete steps to protect your personal and financial data. 

Online Scams: Latest Examples 

Scams Using Amazon’s Name 

Recently, two online scams exploiting the names of Amazon and Trenitalia were discovered. In the first case, scammers advertised a “huge appliance kit” sold for 1.95 euros on Amazon, claiming they were available due to third-party seller failures. However, Amazon never offered such promotions. The scam involved convincing victims to answer “three simple questions” and enter their credit card data on a fake site, which looked legitimate but was operated by scammers. 

Phishing Trenitalia: Train Tickets and Credit Cards 

Another sophisticated scam involved fake Trenitalia sites, difficult to distinguish from the official site. The scammers created websites that mimicked the appearance and functionality of Trenitalia’s official site, with similar but not identical web addresses. Users were induced to book train tickets on these counterfeit sites, entering their credit card data. This data was then sent to servers controlled by the criminals, who used it for fraudulent purchases. 

The Value of Online Scams: Data in Italy 

In 2022, in Italy, online scams led to the theft of 115.4 million euros, marking a 58% increase compared to 73.2 million euros the previous year. This data emerges from the annual report of the Postal Police, which handled 15,508 cases of cybercrime, with a 3% increase compared to the previous year. Among the most significant scams, the increase in illicit activities related to online trading and so-called romantic scams is highlighted. The Postal Police have intensified prevention and counteraction activities, investigating 3,541 people, 4% more than in 2021, especially in the e-commerce and marketplace sector. These data reflect a growing trend of cybercrime in Italy, with a significant impact on victims and the economy. 

“The Cost of Cyber Deception: A 2022 Overview of Internet Scams in the USA” 

In 2022, Americans lost $10.3 billion to internet scams, the highest in five years, according to an FBI report. The FBI’s Internet Crime Complaint Center (IC3) received over 2,000 complaints daily. 

The most reported crime was phishing shipments, with 300,497 victims reporting losses over $52 million. Phishing involves unsolicited emails, texts, and calls from seemingly legitimate companies asking for personal, financial, or login credentials. These emails often resemble those from known contacts, leading victims to click on unsafe links. 

Data breaches and non-payment/non-delivery scams were the most common internet scams in 2022, with 58,859 and 51,679 victims, respectively. 

Ransomware attacks, where data is locked until a ransom is paid, are a major concern due to underreporting. In 2022, the FBI received 2,385 ransomware complaints with adjusted losses over $34.3 million. The healthcare industry was the most targeted, followed by critical manufacturing and government. 

Call center scams, mainly from India, caused over $1 billion in losses. These centers primarily target the elderly, with devastating effects. Nearly half the victims are over 60 years old (46%), suffering 69% of the losses (over $724 million). In total, the elderly lost $3.1 billion to internet scams in 2022, more than any other age group. 

Conclusion  

Black Friday and Cyber Monday are golden opportunities for shopping enthusiasts, but they also present fertile ground for cybercriminals. Online scams, particularly phishing and fraud involving fake websites, are on the rise during these events. It’s essential to be vigilant, verify the authenticity of websites and emails, and be wary of overly enticing offers. 

The security of online shopping involves using secure websites with HTTPS and SSL certificates, and preferring credit cards over debit cards. Careful password management and constant software updates are additional crucial steps to protect your data. 

It’s important to remember that any tool used by an employee can be subject to these risks. It’s increasingly recognized that people and technology must be aligned for safe browsing. 

For your company, there are Ermes solutions. Thanks to Ermes’ add-on, which acts as a filter on web traffic passing through the device, you are guaranteed complete protection, without the need for any VPN. 

In conclusion, cybersecurity during Black Friday and Cyber Monday requires a holistic approach that combines technology, awareness, and prudent behavior. Protecting your personal and financial data is not just an individual responsibility, but a necessity in an increasingly connected and digital world.