An article in the Vancouver sun on Wednesday reminds us that it is not just our neighbors to the south that need to be concerned, but all of us. Canadian retailers have come to realize that Black Friday shopping has over taken Boxing Day and many of them have joined the Black Friday bandwagon. “Holiday time is when most retailers make the majority of their sales and consumers have figured that out as well”. Shopping online has become a way of life for many of us because it’s so easy to do; search for the best deals, add them to our shopping carts, pay by credit card, then sit back and wait for your stuff to arrive.
However, studies have shown that targeted threats against shoppers and retailers increase as the volume of shoppers surges during a holiday period – Black Friday, Thanksgiving, Boxing Day – to name but few. These have become the favorite days for cyber criminals. Let’s face it, cyber criminals are smart – it’s the busiest time of the year and they’re hoping to take advantage of you being distracted. Key attack methods include phishing/smishing/spam, malvertising, pre-installed malware, point-of-sale (POS) malware, service disruption attacks, and account takeovers. As expected, the past few weeks have shown a steep increase in phishing and scam emails.
The picture this week shows what we’re monitoring from our security centre. You can also watch these cyber-attacks yourself in real time via the “Norse Attack Map” (google it).
Here’s a taste of what we’ve been seeing:
- Emails from a popular retailer such as Wal-Mart or Best Buy link to a site that offers free gift cards – but only if you answer survey questions before Black Friday. These sites called survey scam sites will ask you a series of questions with little to no payoff for your answers and time. The sites also request personal information, which criminals harvest and sell to the highest bidder.
- A fake Black Friday email can bait you into clicking on an embedded link. This will then lead you to a site with a bogus protection plan offer. Other spam emails contain lottery schemes that invite you sign up for a free trial in order to “win” something.
And the threats this year aren’t just limited to spam email. Many offer deals on name brand purchases, but to participate, you’ll have to give them some personal information. The information is harvested by cyber criminals and clicking any of the brand icons will trigger a malware download to your computer.
Use your head, be present and stay safe! Be vigilant with both online and offline transactions, check with your bank on setting up alerts on suspicious transactions, ensure your computer has the latest security updates and anti-malware, and don’t be afraid to ask retailers on the protection measures they have implemented.
Bob Milliken is the TheITguy@CascadiaSystemsGroup.com specializing in helping businesses with their IT needs. Discover how great local IT services can be.604.270.1730.