The Black Friday Digest – How to stay safe online this shopping weekend

This Friday marks the beginning of the year’s biggest shopping weekend. In 2019, 142.2 million people shopped online in the Black Friday and Cyber Monday sales. With COVID causing national lockdown, shoppers are expected to avoid purchasing in-store, with 66% of people expected to increase their purchases online this year.

With just over £6 billion expected to be spent in the UK alone over this weekend, we’ve compiled the ‘Black Friday Digest’ – a report on the biggest risks to be aware of when shopping around this period, and how you as a business, online retailer, or customer, can navigate safely online throughout the course of this weekend.

What’s the main risk?

It’s been recorded that in the first half of this month there was an 80% rise in the amount of phishing campaigns related to shopping offers and special deals. In fact, 1 in every 826 emails is actually a phishing email related to the Black Friday shopping weekend.

It’s no secret that the biggest risk to shoppers around this time of year and in the lead up to the Christmas season are online, and most commonly are email-borne threats. Around 39% of shoppers look to their emails for information on promotions, and 38% use online research to shop around and find the best deal.

Whilst people are becoming savvier in identifying a phishing threat, so too are the cybercriminals launching the campaigns. Criminals lure their victims via sophisticated email design, most commonly in the imitation of an online retail giants and popular household names like Amazon, to phony websites and payment portals that allow them to harvest sensitive financial information from the victim.

But financial details are not the only pieces of information that cyber criminals can collect from these campaigns. False login portals can collect credentials that can be used by the cyber criminal at a later date, or sold on the dark web to another criminal actor. Many cyber actors will often leverage stolen credentials to access email accounts, spreading more fraudulent scams to contacts and seeking more of your personal data (like pay checks, passport information etc.) in your sent mailbox.

Who’s most susceptible?

Surprisingly, sites that sell fashion and clothing, or toys and jewellery are the most common marauders for email phishing scams. Larger ticket items, like electronics or furniture tend to be the least common. That being said, fraud scams will often coincide with the release of a new gaming console, such as the PS5 or Xbox X Series, so consumers must be on close guard – in particular the younger generations.

Nearly half of 18-24-year-olds have previously fallen victim to fraud, with 37% of them losing over £100, according to a recent study conducted by McAfee. It’s also been found that 74% of millennials do not notice whether Black Friday deals sent to their email or phone are authentic before clicking through to the link.

It’s thought that 42% of all shopping done this season will be also be conducted via smartphones; a mode that poses a risk to device security as well as the compromise of financial details. For many, remote working on personal devices is the current setup, but the result of a successful phishing scam linked to a device connected to the business network could unwittingly give surprise access to a hacker for abuse at a later date.

One particularly alarming statistic that has been found is that 12% of all Black Friday shoppers are drunk – this will inevitably interfere with identifying and hampering any potential fraud activity. A recent study from Verizon has found that, while only 1-5% of people click on phishing-related links, 15% of these people are successfully phished on more than one occasion.

What to do to stay safe…

As a customer: watch out for deals that are ‘too good to be true,’ as quite often, they are. Pay close attention to the URLs of the sites you visit and any redirections when it comes to using online payment portals. It’s also worth keeping an eye on the details that the site is asking you for. The NCSC has issued guidance this week advising shoppers to check out as guest, to reduce the amount of your information that can be retained by multiple sites. Monitor your promotions inbox and be sceptical of deals that don’t look quite right – if you come across an email that you aren’t sure about; you can report it by forwarding it to the Suspicious Email Reporting Service (SERS): [email protected].

As a retailer: ensure your business is using a reputable payment provider, and keep any and all online payment platform software up to date, to avoid hackers exploiting vulnerabilities in patches. It’s also worth noting the type of data you collect from customers, in order to identify a solution that will prevent fraud.

Serbus is an industry leader for secure communications and remote device security, providing solutions to the likes of the MoD, UK Government and world class brands alike. If you are interested to learn more about how we can help protect your business devices against external threat, keeping your company IP and customer data at the highest level of security, contact us for a chat. Email us on [email protected] or call our office +44 (0)1432 870 879.