For one day a year (23 November this year), retailers take advantage of consumers' appetite to shop by offering "loss leaders", which they advertise widely through email and social media. The purpose of these offers is to draw shoppers to retail outlets and online stores and to convince them to buy more than just the too-good-to-be-true TV for R500. Cybercriminals know this and benefit from it.
There is good news and bad news for Black Friday shoppers this year. The bad news is that cybercriminals are using new tactics that make it hard to spot fake deals. The good news is that with strong cyber awareness training, an understanding of new attack methods and advanced email security systems, consumers can protect their money and personal data while businesses can better protect sensitive data and systems.
Old dogs, new tricks
Black Friday is like Christmas for hackers. While you are shopping for deals, they are shopping for your credentials, which they use to log in to your internet banking and other online accounts to steal your money. If cybercriminals have your login details, they can access your profile even on websites that apply good security practices. Criminals try the credentials on various online services in the hope that the username and password will be accepted as legitimate.
Black Friday is growing every year in South Africa. Last year, sales increased by 2571% compared to 2016 as more retailers joined the trend. This year will be even bigger, which means unwary and unsuspecting consumers, many of whom work for businesses, are ripe for the picking. And chances are they do not know the new tactics used against them.
Forget everything you know about cyber security
Okay, maybe not everything. But much of what we know about cyber security, and the tips and tricks that protected us in the past, no longer hold for some phishing attacks.
We are often told to be suspicious of ridiculously cheap deals, but Black Friday is all about ridiculously cheap deals, so we are not likely to question the R500 TV.
Another thing we are told is to look for the green or black padlock on a website or, more importantly, the https in the website's URL. But we cannot trust that anymore, because cybercriminals can create or buy a real security certificate for their bogus website within minutes. One site has issued over 14,000 SSL certificates to "PayPal" sites, 99% of them used for phishing fraud. So while a fake website may look safe, it really is not.
So, which safety tips still apply?
- Watch for spelling errors in emails. While phishing emails with dozens of grammatical errors are gone, many cybercriminals still deliberately include some to filter out savvy people and target those who are not paying attention.
- Do not click on links within emails. Enter the site address directly into your browser. If you cannot find the deal that was advertised in the email, alarm bells should ring.
- Check the sender's address. Takealot will not send you an email from a Gmail account; it will use its own domain.
- Be password smart. Do not reuse passwords across multiple services.
- Use two-factor authentication (2FA), where possible: This makes it harder (but not impossible) for criminals to use your username and password if your credentials have already been stolen.
New and evolving attack methods
Cybercriminals increasingly use different forms of lookalike domains, changing individual characters and words in URLs and email addresses so that they resemble those of a trusted organization. These types of attacks often bypass certain email security systems because the websites and email senders are not known to be malicious.
To create lookalike domains, attackers often use non-Western character sets to display letters that look identical to the naked eye. Mimecast.com, for example, looks like mіmeсaѕt.com in Cyrillic. You may think that we are getting fancy with our font. We are not. Combined with a legitimate certificate, this makes a fake site much harder to spot.
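Added example, not part of the original article: a Python check for the lookalike-domain trick described above. It flags labels that mix scripts, shows the punycode form that appears in DNS and certificates, and compares a de-confused "skeleton" against a trusted list. The confusables map, the trusted list and the sample hostname are constructed assumptions.

```python
import unicodedata

# Small constructed subset of Cyrillic-to-Latin lookalikes; the full mapping
# is the Unicode confusables table (UTS #39), not reproduced here.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0455": "s"}

TRUSTED = {"mimecast.com", "example.com"}  # assumed allow-list for the demo

def label_scripts(label):
    """Scripts used by the letters of one DNS label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def to_ascii(hostname):
    """Punycode form of each non-ASCII label, as seen in DNS and certificates."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in hostname.split("."))

def skeleton(hostname):
    """Replace known lookalike characters with their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname)

def check_domain(hostname, trusted=TRUSTED):
    hostname = hostname.lower().rstrip(".")
    # A single label mixing Latin with another script is a strong signal.
    mixed = [l for l in hostname.split(".") if len(label_scripts(l)) > 1]
    # A name that only becomes a trusted domain after de-confusing imitates it.
    skel = skeleton(hostname)
    imitates = skel if hostname not in trusted and skel in trusted else None
    return {
        "ascii_form": to_ascii(hostname),
        "mixed_script_labels": mixed,
        "imitates": imitates,
        "suspicious": bool(mixed or imitates),
    }

if __name__ == "__main__":
    # Constructed samples: the second swaps i, c and s for Cyrillic lookalikes.
    for host in ("mimecast.com", "m\u0456me\u0441a\u0455t.com"):
        print(repr(host), check_domain(host))
```

The `xn--` form is what a mail gateway or certificate log will actually record, so matching on it catches names that render identically to the trusted one.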
This creates the conditions for successful phishing attacks: nearly half of all South African companies in a recent Vanson Bourne and Mimecast research report saw an increase in targeted phishing attacks with malicious links last year.
Quick tip: check the URL carefully. A very long URL can be a sign that the site is bogus. However, these are hard to spot when browsing on a mobile phone unless you scroll all the way across. Rather check on your computer to be sure.
Stay safe in the wild
Consumers and businesses can stay safe this Black Friday:
- Be suspicious by default. Do not trust any email and go straight to the retailer's site instead of clicking on links.
- Create a separate email address when signing up for Black Friday notifications. Do not use your work or personal email.
- Use a separate credit card for online shopping to limit your losses if you are attacked.
- Conduct regular awareness training to ensure that all employees can detect potential cyber threats. People are both the greatest risk in cyberspace and the best defense against cybercrime. During high-risk periods such as Black Friday, unaware users could expose the organization and their families to unwanted cyber risk. Focus on implementing effective, up-to-date training techniques and create a human firewall around sensitive company data.
The threat landscape has evolved again. We can never let our guard down and we have to assume that we are never completely safe, even if we have strong security systems. Apple CEO Tim Cook said recently that cyber resistance is like running in a corridor. You cannot stop. If you do, you will fall and you may be injured.
Think of Black Friday emails as you would the Black Friday mobs outside Checkers. When you are distracted by the pushing and shoving, you are not likely to notice the pickpocket until they have taken off with your wallet.
Stay alert. Stay safe. And happy shopping.