Black Friday, the day after Thanksgiving, when retailers take advantage of still woozy and stuffed people with ridiculously low prices and unbelievable sales (for a limited time only!). What a way to kick off that festive (read: panicked) season.
Did you know thatBlack Hat hackerslove the holiday season too! And, for a lot of the same reasons that retailers love it.
So while you are digesting, recovering, and shopping online on Black Friday and Cyber Monday, All of us here at the Cybermaniacs urge you to stay safe, slow down on the clicking, and follow these tips.
Be Especially Wary of Ads on Black Friday and Cyber Monday
Everyone knows that an ad offering some absurd deal is probably a scam or at least clickbait full of cookies on the other 363 days of the year (364 on leap years). But on Black Friday and Cyber Monday, the claim for a great one-time-only deal may actually be true, but even thermal socks at 75% off doesn't mean that you should click on it. (We love fuzzy socks!)
An ad on a website works by running code on your computer. In an ideal world, this code would be safe and helpful. However, hackers take advantage of online ads to run malicious code or trick you into doing things that can hurt your computer.
If you want to take advantage of a deal offered by an ad, go the the company’s site directly and claim it there rather than clicking on an ad and getting something that you didn’t actually want (like, you know, malware).
Don’t Get Clicky on Black Friday and Cyber Monday
On and before Black Friday and Cyber Monday, companies send out tons of emails letting you know about all of the best sales, door-busters, killer deals, and incredible giveaways to ensure that you come to their store or website when the day comes.
These emails will be littered with pictures and links trying to get you to visit their site in advance to see the deals and maybe buy a couple of things pre-sale.
Hackers know that the holiday season is a great time for a phishing attack. People trying to find that “last gift” or get in on that “limited time offer” will often click on a link without thinking twice.
Putting in a few minutes to set up a real-looking website and crafting a plausible phishing email means that they definitely get the better end of the deal when the passwords and billing information start rolling in.
Double-Check Those URLs on Black Friday and Cyber Monday
Black Friday and Cyber Monday are all about moving quickly. In ourSocial Engineering courses, we talk about how one of the ways that hackers influence people is by making them think that they’re getting a “limited time offer” or something “with only X in stock”. Sound familiar? Yep, marketers are expert social engineers…
The rush to get in on Black Friday and Cyber Monday deals means that you need to move quickly. Before entering any sensitive information,be sure to double-check the address bar on the site.
You want to make sure that the address looks right (correct business, correct spelling, etc.) and that you see the lock icon and HTTPS:// at the beginning of the address. If not, don’t enter any information.
If you do, there is a good chance you’ll never get what you ordered. And when the hackers start ringing up charges on your credit card, well, it will cost ya a lot more than you thought.
Only Shop Online from Home on Black Friday and Cyber Monday
While out and about on Black Friday, you may decide that you need a break from the crowds and drop into a local coffee shop or restaurant. If you’re taking a break, actually take a break. Strike up a conversation with the person sitting next to you. Compliment the barista on her reindeer antler headband.
But remember that online shopping from public WiFi can be a major mistake.
When you connect to a WiFi network, your traffic to and from the router is encrypted, but everyone uses a safe password. Anyone with the password can intercept your traffic and, if the site you’re on isn’t using HTTPS, may be able to read and/or modify it.
If you’re entering personal information while out and about, anyone can read your password, billing information, etc. over your shoulder. When doing online shopping, do it on a trusted WiFi network somewhere private, not at the local cafe.
Safely Using Social Media on Black Friday and Cyber Monday
It seems like everyone is constantly on social media and this includes businesses. In the days leading up to Black Friday, retailers take to social media channels to promote their big sales. It’s important to play it safe while checking out advertisements on social media.
One of the main threats of social media is the fact that there is little or no verification associated with setting up an account. Hackers take advantage of this by creating accounts that look like legitimate businesses and using them in a variety of scams and attacks. To make things worse, shortened links, which conceal their target address, are common on social media due to message length limits.
While on social media, never click on a link. Visit the retailer’s website directly and find the sale that way.
Staying Safe on Black Friday and Cyber Monday
Black Friday and Cyber Monday are great opportunities to get deals on things that may be unaffordable for the rest of the year. However, both retailers and hackers take advantage of the excitement and urgency of shoppers. While shopping online, take the extra second to ensure that you and your family are cyber-safe.
If you’ve got parents, aunts, uncles, cousins, friends, or co-workers you know are excited about all the hot deals coming their way next week- send them a copy of this blog. We love a bargain, but giving away your personal information to a hacker is not part of that “great deal”. Stay safe & Happy Hunting!