Industry ObservationsWeb Application Security

Avoid These Threats on Cyber Weekend

The biggest shopping time of the year is fast approaching, and for consumers this year it means shopping primarily online. Black Friday and Cyber Monday are now both wrapped up into one concise label: Cyber Weekend, which holds more consideration than any year before for shoppers who are looking to find holiday deals they can’t pass up.

According to this year’s holiday retail forecast conducted by Deloitte, online sales between November and January should amount to nearly $218 billion, about a fifteen percent increase from last year. Experts claim that “ongoing uncertainty spurred by the pandemic,” very well may be the reason for the sharp increase in spending on goods online.

Photo by Volodymyr Hryshchenko on Unsplash (Photo Credit: GovTech)

Remember that scene (above)? Burned into every consumer’s mind around the holidays, the classic image of crowded retail stores clogged with groups of shoppers resembling Lord of the Flies isn’t really the case anymore, especially in the wake of the pandemic and companies’ responses to a better online shopping experience. But we traded one set of pressures for another, as cyber crooks have adapted to the new normal, targeting vulnerable online shoppers at a time of the year where people take more risks to get lower prices on the goods they want for the holidays.

In a recent consumer survey of more than 1,000 online shoppers conducted by NTT Application Security, more than 52% of respondents said they feel their data is protected when shopping online. Yet, more than a quarter of respondents also reported having their personal data stolen due to online shopping within the past two years. And nearly three quarters said they are concerned about the security of their data when shopping online.

Cyber threats are still apparent even in the wake of more stringent online security measures. So, here are the threats to avoid during Cyber Weekend when shopping online.


#1 – Too Good to be True or Too Shady to be Good

That same consumer survey reported that about a quarter of respondents claim they may have fallen for an email scam when they thought they were taking advantage of a great deal.

Don’t be tempted by that “insane” deal you didn’t ask for in your inbox or on that website you’ve never been to before. Even some “limited-time” offers are just scams to get you to hand over that precious personal data. Check those links before you click. If it looks shady, it probably is. If the deal is just too good to be true, it absolutely is.

Even clicking a link before giving your personal information can be risky, especially in an email from a sender you’ve never heard from before. Cyber criminals have become frighteningly efficient at drafting up emails that look legitimate. They like to use stolen branding from reputable retailers coupled with clever subject lines and embed malicious links for you to click on. This is a classic phishing scam and still an effective cyber threat.

Here’s the bottom line. If a big brand is putting out a sale online for Cyber Weekend, it will also be available on their website. So, say “thanks for the deal,” don’t click the link, mark the email as spam, block the sender and go directly to the retailer’s website from a Google search. If it’s legit, it will be right there for you to take advantage of on their website.

If it’s actually the website you want to be on, you should see markings in the URL bar at the top of the page to show it’s a secure site, such as a padlock icon. You always want to land on secure sites from a direct online search, not from a link on another site, especially if that site is hosted in another country. The extra deals and price drops are just not worth the potential risks.

And then there are those more subtle “free gift card” scams. Take a survey to get a one-time, crazy discount. Just go fill out this web form with your personal data after you complete the survey, and they’ll send that gift card over to you! As Admiral Ackbar from Star Wars would say, “it’s a trap!” There’s no such thing as a free lunch, so the saying goes. Be mindful and exit that survey.


#2 – Social Media Deals and Pop-Ups

Have you ever seen a post on social media for a product similar or nearly identical to something you looked at on a website but didn’t end up buying? This kind of product advertisement can lead to stolen information or knock-off products in some cases. Well, multiply the occurrence of those ads exponentially, and that’s one cyber criminal strategy during Cyber Weekend. There will be scams a plenty this holiday season, thanks to well-placed malicious ads on social media and pop-ups on non-retail websites.

NTT Application Security reports that over 67% of online shoppers have clicked on links when offered a deal through an advertisement, email or social media promotion.

Cyber threats don’t just include clicking on ad links through social media, but also liking or sharing those ad “posts” to get others in your network to do the same. Don’t start the train that leads to stolen data for multiple users. That includes pop-up ads on other websites you visit that lead to websites that can look real.

Again, if it’s legit, go to the retailer website directly through a Google search, or by typing in the retailer’s actual URL and find the deal there. For perspective, there are about 100,000 fake websites out there posing as known brands trying to get your information. The website URLs are usually similar to the brand’s actual URL, but never the exact same.


#3 – Shopping Online in Public

One may not think it happens so often that it’s a real problem, but one of the easiest ways to be compromised during Cyber Weekend is to use public wifi networks to make holiday purchases. A good tip if shopping online outside of your secure wireless network is to switch to your mobile hotspot on your phone instead of public wifi. The more obvious thing to be conscious of when shopping online in public is avoiding crowded areas to use your device when making purchases. Check your surroundings and make sure that person next to you in the coffee shop isn’t monitoring or documenting you typing in your payment information.


More Secure Cyber Weekend Shopping Tips

In addition to being on a secure network, shoppers must be mindful about using secure payment methods as well. The best choices are using secure payment applications like Google Pay or PayPal, which uses stored personal account information without having to enter data while making online purchases. These payment service applications also have good protections for shoppers, like being able to report fraudulent charges made on an account through website purchases.

If you don’t prefer using payment applications and have to use personal banking information, it’s recommended to use a credit card instead of a debit card when buying online. According to Credit.org, “credit cards have extra legal protections that debit transactions don’t have.” The law protects credit shoppers with lower purchase limits in cases of fraudulent charges, which is not necessarily the same for banks who dole out debit cards.

Not to mention that when your money is stolen from your bank via a debit card, the charge is immediate barring a reported transaction dispute whereas, with a credit card purchase, fraudulent or legitimate, the charge is credited and not immediately taken out of your account. Your money is still safe and can be disputed over a longer period of time. In most cases, credit card companies also offer free credit monitoring and may be able to flag an incident even before it’s noticed by the purchaser. That’s good peace of mind for shopping during Cyber Weekend.

Some more cybersecurity tips include making sure your device’s security software is up to date, using two-factor authentication for emails, logins and passwords, using unique passwords for each website, and using a secure “private” web browser to enter personal data and make purchases. Cyber criminals don’t just want you on their fake websites or filling out their fake forms. They want your passwords too, so stay vigilant and set your holiday shopping up for success from the start. There are password managers available out there that can generate unique and secure passwords and keep a private record of them, so you don’t have to remember every unique password you create.

For more Threat Report readings from NTT Application Security on how to stay cyber vigilant, click here.

Stay safe, stay secure and have a wonderful Cyber Weekend!