Staying Safe Online During Black Friday and Cyber Monday

<h2>Introduction</h2><p>The countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th.  Black Friday and Cyber Monday have arguably become two of the most important and notable days in the retail calendar as it kicks off the holiday season for shoppers who expect huge price reductions and unique deals.  According to the <a href="https://nrf.com/media-center/press-releases/consumers-will-spend-41-percent-more-last-year-during-winter-holidays" target="_blank">National Retail Federation</a>, they expect 55% of consumers to shop online making protection of e-commerce platforms a critical aspect of businesses cyber resilient strategy and requires consumers to be savvy about secure Internet browsing and online shopping behaviors.  With the start of the holiday shopping season and rise of online transactions, cybercriminal actors also seek to profit by tricking consumers into divulging personal and financial data or exploiting weaknesses in merchant websites.</p><p style="text-align: center;">.<img alt="" src="https://cdn.filestackcontent.com/5J7M1LTeRaqDQiMkTMKZ"/></p><p style="text-align: center;"><strong>Figure 1. Threat actor motives within breaches over time (Verizon DBIR 2018)</strong></p><p>A good indicator of recurring illegitimate activity targeting consumers is compiled within the Symantec Monthly Threat Report which highlights that “Fake Offer” scam types are the fourth most popular in this category. It is expected that these attempts will increase in the run up to and during Black Friday.</p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/JKzMzvFTWG142dUY8AzA"/></p><p style="text-align: center;"><strong>Figure 2. Top social media scam types (Symantec Monthly Threat Report)</strong></p><p>Unsurprisingly, email remains the most common vector in cyber incidents and breach exposures.  As the leading form of business to consumer communication, with a reported ~205 billion emails being sent a day, phishing email campaigns provide an accessible and low-cost route for cyber threat actors to illegitimately access credentials, financial data, and other sensitive information. According to the most recent data from Google’s Safe Browsing service, there is about a 35% uptick in phishing sites in comparison to the prior three months, which could suggest malicious actor preparation is already afoot for the upcoming online holiday shopping season.</p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/cqRZ2YwgRZS5igzmInqL"/></p><p style="text-align: center;"><strong>Figure 3. Unsafe websites detected by Google Safe Browsing from 08/26/18 to 10/21/18</strong></p><h3><br/> <strong>Three Common Black Friday and Cyber Monday Scams</strong></h3><p>The holiday shopping season is a lucrative time of year for consumers to save money on their expenses and presents an opportunity for scammers and fraudsters to prey on these online shoppers to make a profit.  With the unprecedented levels of web traffic anticipated, several risks are lurking around the corner waiting to victimize online shoppers. Three of the common Black Friday and Cyber Monday scams, we have recently observed and expect to continue are fraudulent shopping site mimicking popular brands, faux gift cards and vouchers designed to steal sensitive information, and special offers and discounts enticing shoppers to navigate to malicious sites or execute malware-laden documents.</p><h4>Fraudulent Shopping Sites</h4><p>Fraudulent online shopping websites involve scammers pretending to be legitimate online sellers, either with a fake website or a fake advertisement on a genuine retailer site.  These sites tend to use sophisticated designs and layouts and possibly stolen logos. Oftentimes, they offer luxury items of popular brand names for clothing, jewelry, and electronics at extremely low prices.  In the below example, a suspected fraudulent site mimicking a well-known retailer was created with a Black Friday 2018 naming convention and several links to articles of discounted sites for apparel from brands such as O’Neill and Adidas.</p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/FgbbegblTSW5PwwPWjaC"/></p><p style="text-align: center;"><strong>Figure 4. Black Friday-themed fraudulent website</strong></p><h4>Gift Cards and Vouchers</h4><p>Another common technique employed by fraudsters and scammers are special Black Friday and Cyber Monday gift card or vouchers offering additional discounts on specific categories of items or storewide products or services.  Oftentimes, these fraudulent gift cards and vouchers are delivered through spam or phishing emails containing malicious file attachments such as Microsoft Word documents or links to malicious websites that infect the victim’s device or steal their personal and financial data.  For instance, earlier this year, a cybercrime actor presumably sent out a phishing email laden with a macro-based malware hidden in a Microsoft Office file allegedly offering an extra 30 to 35 percent off on items at an undisclosed retailer to infect their victim’s system.<br/>  </p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/Wm3LKO5YTfqShl36PDmA"/></p><p style="text-align: center;"><strong>Figure 5. Malicious Microsoft Word file disguised as Black Friday-themed voucher</strong></p><h4>Special Offers and Discounts</h4><p>Scammers take advantage of consumers desire to save money by advertising limited-time offers or deeply discounted prices for products such as mobile phones, televisions, and other high-priced items.  These offers or discounts commonly arrive in spam or phishing emails with embedded hyperlinks to fraudulent web pages that appear legitimate and designed to trick the consumer into entering their user credentials or payment card information.  For example, our team discovered a phishing site mimicking a popular Brazilian retail chain “Lojas Americanas” that offered 55% off the regular price of a Samsung Galaxy smartphone hosted at americanas-black-friday[.]com.<br/>  </p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/eQwI3t5SSZmnojmTvQs9"/></p><p style="text-align: center;"><strong>Figure 6. Special offer for a Samsung Galaxy smartphone hosted on a phishing site mimicking the Lojas Americanas Brand</strong><br/>  </p><h3>Staying Safe Online</h3><p>Online shopping brings the advantage of choice, convenience and possibly the best deals during the Black Friday and Cyber Monday events.  To avoid being duped by fraudsters and scammers, here are some security tips to lower your risk of falling victim to online fraudulent activity:</p><ul><li>Always be wary of emails or messaging which urge you to click on a link or attachment. It is anticipated that sale and deal alerts and postage and delivery communications will rise considerably during this time. If in doubt about the authenticity of the email or message, contact the sender organization directly to validate the communication.</li><li>If undertaking an online transaction, ensure that the payment page communications are encrypted by checking that the address begins with ‘https’ (as opposed to ‘http’) as a basic step. A padlock symbol will also be displayed in upper-left hand corner of your browser.</li><li>Across all personal devices, ensure you are running the latest operating system (OS) and application versions. Unpatched systems and software expose vulnerabilities which could be exploited by cyber threat actors.</li><li>Where possible, pay by credit card as they typically offer greater protection against fraud in comparison to other payment methods.</li><li>Always use strong and unique passwords and never disclose these to anyone. Credential stuffing is a common tactic employed by cyber threat actors whereby if one set of credentials is exposed, they will use an account checker to test these credentials against other websites (social media sites and online marketplaces etc.). If successful, they can acquire more data and use this for further nefarious purposes.</li><li>Consider investing in a dedicated password manager/vault application to securely store your passwords and enable multi-factor (2FA) authentication where possible.</li><li>Install an ad-blocker on your web browser. Browser and host exploitation can occur via malvertising when online advertising space is used to distribute malware.</li><li>Beware of deals or subscriptions that look too good to be true because usually they are.</li><li>Stay up-to-date with cyber security developments with the <a href="https://www.anomali.com/community" target="_blank">Anomali</a><a href="https://www.anomali.com/community" target="_blank"> Weekly Threat Briefing</a>.<br/>  </li></ul><h2>Conclusion</h2><p>According to Cybersecurity Ventures cybercrime damages will cost the world $6 trillion annually by 2021 with existential concern for retailers. The impact to consumers is also grave; from personally identifiable information (PII) data potentially being illegitimately acquired and misused and fraudulent transactions being processed. Following the above guidance will drastically reduce the risk of being caught foul of cyber criminal activity this Black Friday and Cyber Monday and beyond. Anomali continues to arm security teams, including those within the Retail industry, with highly optimized threat intelligence to detect threats, understand the adversary, and respond effectively.</p><p>Anomali partners with the <a href="https://r-cisc.org/" target="_blank">Retail Cyber Intelligence Sharing Center</a> (R-CISC) which is the cybersecurity community for all retailers and commercial services entities, connecting all aspects of consumer products, goods, and services industries throughout the ecosystem and supply chain. Forming a trusted arena for the sharing of critical strategic and tactical information between members and industry partners across the globe for the purpose of collaborative and innovative problem solving, the R-CISC is the information sharing source for cybersecurity risk management.</p>