5 Tips for a Safe Black Friday
On the eve of the Black Friday Sales which will predominantly be conducted online this year due to the restrictions in place, we have decided to put together some easy to follow tips to help you shop securely online:
1. Only shop on legitimate websites
Cyber criminals can clone well known websites to trick consumers into believing they are shopping on a legitimate website. A fake website can appear identical to the real site, particularly at a glance, however, there will be subtle differences present.
The indication of an illegitimate website could be pixelated images, broken functionality or poor misspelt content. Another key indicator that a website may be fake is the URL, it may be altered in some way. For example, a web address that ends in .ie may be changed to .com or .org. Or a URL could be misspelt on a malicious website.
Before entering any information into a website, you should ensure the site is safe and secure. To confirm a website is secure the first thing you should do is look for a padlock symbol in the address bar, and ensure the URL begins with ‘https://’, the ‘S’ indicates that this website has been encrypted with an SSL certificate. Entering information on a website without HTTPS could be intercepted by criminals.
Unfortunately, this system isn’t foolproof, before you purchase on any website, it is worth double checking the URL is correct and submitting it into a website safety check tool such as Google Safe Browsing or do a WHOIS lookup to see who owns the website. This quick sanity check may save you a lot of trouble.
2. Beware of Phishing emails and Social Media Scams
Phishing emails is one of the most popular forms of attack by cyber criminals simply because they work. The fact a cyber criminal can send the same email to thousands of potential victims, is convenient and can allow cyber criminals to steal your personal data without you even realising.
Black Friday and Cyber Monday typically sees a rise in phishing attacks, with malicious emails offering cash prizes or last minute deals designed to trick unsuspecting consumers. Phishing emails may appear to come from a well-known brand, even one you’ve bought from before, but like with websites, all may not as it seems. Before clicking a link in an email you should always verify the URL you are being redirected to is real. Check the email address of the sender and keep an eye out for any low resolution images or grammar errors within the body of the email.
With the increase of social media use, this has also drawn cyber criminals to these platforms. Criminals tend to upload posts containing malicious links bringing unsuspecting victims to fake websites. As it is harder to determine if a link is malicious on social media, it is always best to google the offer you see and see if you can find out anymore about it from a legitimate source, again checking each URL before clicking.
3. Use Credit or Pre-Paid Debit cards where possible
It is always best to use a credit card when shopping online where possible. Credit Cards offer additional protection in comparison to other forms of payment, most major credit card companies such as Mastercard and VISA provide “zero liability” policies which make it easy to claim money back if you are the victim of cyber fraud.
If you don’t have a Credit Card, another alternative is to purchase a Pre-Paid Debit card. These cards allow you to upload a certain amount of money ahead of shopping which you can then spend. These provide you a safeguard as they allow you to segregate your actual bank debit card and card details with online shopping. If a cyber criminal gains access to your debit card details, they can take money from your account which can be hard to claim back as it can be very difficult to prove.
4. Avoid Public Wi-Fi
When shopping online, it is always best to use a secure internet connection such as your mobile phone’s data or a private Wi-Fi connection like your home internet.
Where possible public Wi-Fi should be avoided when conducting financial transactions or accessing private information. The majority of public Wi-Fi requires no authentication to establish a connection and begin browsing. This can provide cyber criminals with some easy pickings as they can gain direct access to any unsecured devices connected to the same open network as them. Once they have gained access they can steal valuable information such as login passwords, card or other financial and personal information.
Cyber criminals can also spread malware across public Wi-Fi which could provide cyber criminals with unrestricted access to everything on your device.
5. Update / Install Security Software
Before you go online to take advantage of the Black Friday deals or indeed just to conduct some shopping, you should check that your antivirus and security software is up-to-date. Security software suppliers continuously release updates to patch any vulnerabilities which may have been uncovered. Having the most up-to-date antivirus, web browser latest version installed, and Operating Systems patches installed, such as the latest Windows updates will limit hackers exploiting known security vulnerabilities in outdated versions.
If you don’t have any antivirus or patches and updates installed on your computer, you should make this your first Black Friday purchase.
Although cyberattacks and data breaches are on the rise, it is still possible to safely shop online. Nobody should be afraid to do so, you just need to stay vigilant and proactive while shopping online. Above all, you need to be realistic, if you come across a deal that seems too good to be true, then it may be best to air on the side of caution.
We hope these tips provide you with some useful guidance and information ahead of your shopping.
Concerned about the security of your organisation?
Secora Consulting provides a range of services that can help you to assess the security of your organisation. Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration test services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.
Get in touch today and discuss your options.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.