Cyber-security experts have warned retailers and consumers to be on high alert over the busy Black Friday/Cyber Monday shopping season as online criminals look to cash in.
The Friday and Monday immediately following Thanksgiving in the US have become the biggest shopping period of the year in that part of the world, and multi-national retailers in the UK have also begun to offer Cyber Monday deals and discounts in recent years.
However, cyber-criminals are likely to take advantage of distracted consumers, warned KPMG cyber-security practice director, Del Heppenstall.
“A ‘promote and deliver at all costs’ mentality may drive immediate sales, but the long-term cost if customer data is compromised will outweigh any profits made on the day,” he argued.
“Cyber-criminals may not be able to turn what they discover into cash immediately, but what they glean can provide a gold mine for identity theft if login, payment and other details are easy to access. It’s with this in mind that retailers and consumers must work hand in hand; if they don’t, Cyber Monday could come crashing down.”
Messaging security vendor, Proofpoint, added in a blog post that social media spam and phishing messages could be rife.
One early example is a fake ‘Amazon Gift Card’ promo Facebook page which takes users to a “suspicious” download site.
“In this regard, the retailers whose branding and creative are stolen are also victims, much like in malvertising based on poisoned ad networks,” Proofpoint argued. “For any retailer investing in Cyber Monday, accounts like these steal visitors, siphon sales, damage the brand, and hurt customers who fall victim to their scams.”
Centrify EMEA CTO, Barry Scott, urged shoppers to beware of links in unsolicited emails and to shop only with reputable sellers, taking care when typing in those sellers' URLs for fear of landing on a spoofed page.
“If an online retailer requests a password for your email and bank account as part of the shopping process, do not enter it, and be sure to use different passwords for online retailers than those used on email and bank accounts,” he added.
“If a hacker attains the password for one particular site, they will then have access to many.”