Beware of “too good to be true” bargains. This will be tough to do, as Black Friday and Cyber Monday are all about great offers. But, if it seems WAY too good to be true, it probably is.
"Really it's about trying to entice people to spend their money where they normally wouldn't so it goes into the pockets of the bad guys," said John Bloomer, Regional Director of Security Engineering, Check Point Research.
Check Point Research reported a spike in hacker activity over the past six weeks, with a surge in malicious phishing campaigns targeting online shoppers.
FOX10 News Anchor Lenise Ligon spoke with John Bloomer, Regional Director of Security Engineering, via Skype about what online shoppers need to be on the lookout for.
"Everybody is having stuff shipped to their houses from all over the place so that opens up the opportunity to leverage that new behavior and take advantage of some compliancy potentially and use new ways to get into people's wallets," Bloomer explained.
Your best bet is to go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity. Also watch for misspellings.
Check Point researchers provided an example of an email phishing campaign they recently caught. The campaign attempts to imitate the jewelry company, Pandora.
- Email subject: “Cyber Monday | Only 24 Hours Left!”
- Sender: Pandora Jewellery (no-reply@amazon.com)
If you think the deal is coming from a legitimate store and you want to shop, it's better to log onto that site directly instead of clicking the link in the email. That way you know you're going to the right place.
This year has already been a record-breaker in terms of online shopping as a result of Covid-19 related restrictions and concerns, and more records are expected to be set in the run-up to Black Friday and Cyber Monday at the end of this month. Enjoy your shopping, just be careful and be diligent!
Hackers go phishing to hook unwary online shoppers
- In the four weeks from October 8th – November 9th, the number of weekly “special offers” related phishing campaigns has doubled globally, rising to 243 in the beginning of November, compared to 121 at the start of October.
- The first half of November showed an 80% increase in phishing campaigns relating to sales & shopping special offers, with emails including phrases such as “special”, “offer”, “sale”, “cheap”, “% off”.
- 1 out of every 826 emails is a phishing email related to November shopping days, compared to less than 1 in 11,000 phishing emails at the start of October
- In just two days (9th and 10th November), the number of weekly “special offer” phishing campaigns was already higher than during the whole of the first week of October.
How to Stay Safe and Shop in Confidence
- Beware of “too good to be true” bargains. This will be tough to do, as Black Friday & Cyber Monday are all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Never share your credentials – Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and don’t re-use passwords.
- Always be suspicious of password reset emails – If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). By clicking on a link, you can reset the password to that account to something new. Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and send those to them.
- Always note the language in the email – Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Look for the lock. Avoid entering your payment details on a website that does not use secure sockets layer (SSL) encryption. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag. The lock only shows that the connection is encrypted, not that the site is genuine, so still check the domain name.
- Watch for misspellings – Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
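
Two indicators from this article can be checked mechanically: a brand display name on an unrelated sending domain (the Pandora example above) and a copy-cat top-level domain. The following Python is an added example, not code from Check Point or the original article; the brand-to-domain table and the `pandora.example` and `examplestore` names are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
BRAND_DOMAINS = {
    "pandora": {"pandora.example"},
    "examplestore": {"examplestore.com"},
}

def registrable(domain):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Flag a display name that claims a brand the sending domain does not belong to."""
    display, addr = parseaddr(from_header)
    domain = registrable(addr.rpartition("@")[2])
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and domain not in domains:
            findings.append(f"display name claims '{brand}' but mail is from {domain}")
    return findings

def check_link_domain(host):
    """Flag a host that reuses a known brand's name under a different top-level domain."""
    reg = registrable(host)
    name, _, tld = reg.partition(".")
    findings = []
    for domains in BRAND_DOMAINS.values():
        for legit in domains:
            legit_name, _, legit_tld = legit.partition(".")
            if name == legit_name and tld != legit_tld:
                findings.append(f"{reg} imitates {legit} with a different top-level domain")
    return findings

if __name__ == "__main__":
    # Sender taken from the campaign described in the article.
    print(check_sender("Pandora Jewellery <no-reply@amazon.com>"))
    # Constructed copy-cat host (.co instead of .com).
    print(check_link_domain("www.examplestore.co"))
```
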