Black Friday threats are present, besides some incredible bargains. It is the time of the year when people spend billions of dollars to buy cheaper stuff. We all get excited and try to get the best deals, but forget about the huge threats. As we spend lots of money online for Black Friday, cybercriminals are ready to act, too. Also, false emails, banners and social media posts will encourage users all over the world pay for the things they might want.
So, here are the things to pay attention to, in order avoid Black Friday threats and remain happy after it.
The solutions for the Black Friday threats
1. Malicious links and attachements
The National Cyber Awareness System in the United States warns that cybercriminals will send emails with malicious links or attachments.
Promotional emails usually come from unknown sources. Keep an eye on any suspicious thing such as asking for your card or login details any other time than the checkout moment. Look for signs such as mismatched URLs or misleading domain names in emails. It might be even easier to use Google Transparency Report. Just copy your website’s URL and paste it into this field and check site status.
For example, sites like Bit Guardian achieve “No unsafe content found”. Other websites recieve a “Partially dangerous” rating, due to “deceptive content” (e.g., misleading advertising).
The report provides examples of why it gave a certain site a rating. Thus, you can decide whether or not the website is safe or not.
2. Malicious ads
Make sure that the websites you land on are legitimate before making a purchase. Again, check for mismatched URLs and the domain names. You can do this by typing the website’s name into a search engine and review the results. Also, look for reviews and feedback from sources unaffiliated with the website. A website with an “https” tag is considered more secure and trustworthy than one with the “http” designation.
Click on the padlock icon to verify the details of the website. Still, remember that the padlock, a symbol of trust, is sometimes used by new types of malware to hide behind it.
So, the best thing would be to use a free Windows native ad blocker – Ad Guardian Plus is our recommendation. Just search for the best deals without seeing the annoying and dangerous ads.
Tricky website URLs
Before any purchase, evaluate the website’s URL. Even after you’ve checked that the connection is secure, look for:
– Multiple dashes or symbols in the domain name
– Domain names that imitate big well-known websites (e.g. Amaz0n)
– Domain extensions.
– Look for bad English on the site. Numerous grammar and spelling mistakes, or awkward phrasing might be a bad sign.
A large number of ads crowding the page or ads that automatically play audio/video, mean that it’s probably not a credible site. Also, avoid the websites where ads take up the whole page or require you to take a survey before continuing.
If necessary, hover the mouse over the ad and avoid those that redirect you to another page.
Check the Contact page
Look for the Contact page. If possible, call or email the company to check the legitimacy of the website. Look for a Contact page. No Contact page should be a red flag for you. If it exists but is suspicious – the email address is strange, such as boulevard123@, it is time to leave.
Use a “WhoIs” search
You can find out who registered the website’s domain. If the domain uses private registration, you should leave it. You can use https://whois.domaintools.com. A recent registration or transfer of the domain may indicate that the site is not trustworthy.
Emails from “banks”
Emails apparently coming from a credit card provider or bank, regarding “suspicious transactions” or alerting that the account has been frozen. These might be a trick.
Fake shipping invoices
Fake shipping invoices are created for supposedly legitimate products or services that have never been delivered or carried out. Some employees create such invoices and submit them for payment. Sometimes, a third party comes between a supplier of some legitimate services and the employer. The payments are made for services, but the intermediary company skims some money out of this.
Monitor your bank account
Although you might take the steps above, remember to monitor your bank accounts. If any fraudulent activity occurs, flag it with the payment provider. Thus, you can frozen your card and start an investigation.
Stay up to date
Always keep your software and extensions (the web browser, the Flash and Java) up to date.
The Cybersecurity and Infrastructure Agency (CISA) in the USA published a “current activity” statement. The agency encourages everyone to be vigilant and recommends three important resources:
Using caution with email attachments.
Avoiding social engineering and phishing attacks.
Retailers, also at risk
Not only consumers, but also retailers will be at risk this Black Friday, Kaspersy warned. “During the holiday season, there’s also a greater likelihood of retailers being attacked directly. As the attention of your business focuses on accommodating the proverbial stampede of shoppers, there’s a good chance you could be too distracted to notice attacks in progress. When that happens, hackers might target your website to lead online shoppers to malicious clones to try to steal personal or payment information,” Charles Owen-Jackson wrote in blog post.
So, Black Friday threats can be avoided, if you pay attention to the things above.