From Malwarebytes Labs
Shoppers familiar with the Black Friday and Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season.
In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social engineering scams, malspam, and malicious, spoofed websites in order to dupe the droves of Americans expected to spend US$87 billion, or an average of about $400 per shopper on Black Friday weekend.
Foot traffic on the holiday weekend is decreasing exponentially, with more and more shoppers turning to the Internet for deals rather than waiting in long lines at late hours for brick-and-mortar stores. Last year, Black Friday raked in a record $6.2 billion in online sales alone, a 24 percent increase from the year before. About $2 billion of those purchases were made on mobile phones.
So, bargain hunters, rather than camping out in the cold or bracing for the stampede, you’ll need to be on the lookout for a different kind of danger: the Wild West Web. Here’s your guide to safe online shopping on Cyber Monday and beyond.
- Go directly to a store’s website instead of using search engines to look for deals. If you happen to find a deal using a search engine, try to verify it by searching for the exact name of the deal in quotes. If it’s a scam, then it’s likely someone will have already put out a warning.
- Give pop-ups and other digital ads the stank eye. Many pop-ups could contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. If a coupon seems to come out of nowhere with a too-good-to-be-true offer, don’t think twice. Just click that “x” and shut it down.
- Watch out for social media scams, especially on Facebook. Cybercriminals are using fake or compromised Facebook accounts in order to post links to amaaaaaazing deals that don’t actually exist. They’re especially prone to dropping links on the walls of open groups dedicated to shopping. “One of the top shopping scams to avoid in the run-up to Cyber Monday is the social media fakeout,” says Chris Boyd, Lead Malware Analyst at Malwarebytes. “During any given holiday period there will be an excess of fake offers, deals, and supposed freebies which tend to have a sting in the tail. If you’re being asked to share something on Facebook in order to get your hands on something too good to be true, you can bet there’s a scam involved.”
- Dump Cyber Monday emails with attachments in the virtual garbage. Cyber Monday emails with attachments, especially Microsoft Word docs or PDFs, are super suspect—it’s possible, in fact likely, that they contain malware. Delete them immediately. Not only that, but you should review any other Cyber Monday–related emails with a hawk eye: online crooks love using newsworthy events to scam innocent, potentially naive, people. If you get an email from a store claiming to have a deal, type the store’s URL directly into your browser instead of clicking on the link. If the site doesn’t verify the deal, you know it’s a fake.
- Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL when you go to check out. If it’s there, then that means the information passed between a store’s server and your browser remains private. In addition, the URL should read “https” and not just “http.” The padlock alone, however, may not be enough. For additional security and privacy, consider using a reputable VPN that will encrypt traffic passed between web servers. Mobile shoppers may also want to consider VPNs, especially if they’re not on a secure Wi-Fi connection.
- Do not use debit cards to shop online. Want to give cybercriminals direct access to your bank account? Then by all means, use your debit card. Otherwise, play it safe by using credit cards or a PayPal account that’s linked to a credit card. While many banks are cracking down on fraudulent withdrawals, you’ll still have to wait for your money while they investigate the charges.
- Avoid using public Wi-Fi to shop. All a cybercriminal needs to do to get a public Wi-Fi password and wreak havoc is order a coffee. If you’re shopping and entering personal data, usernames and passwords, or payment information, best to do it on your secure, password-enabled connection at home.
- Watch out for malicious QR codes. Q what now? QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to a phishing or malware site, printing them on stickers, and placing them on top of the legit QR codes. Best to avoid them.
- Don’t fork over extra info. If a site starts asking for out-of-the-ordinary personal data, like Social Security numbers or password security questions, slam on the brakes and get the heck out of Dodge. A surefire way to know you’re being had is if the information is not necessary for the purchase or functionality of the platform. Why would this shopping site need access to my contacts or camera? It wouldn’t…unless it were trying to spam all your contacts or extort you for cash.
- Tighten up security before you shop. Make sure all software on your computer is up-to-date, including your OS, browser, and other apps. And if you don’t already have it, install a cybersecurity program on your desktop (whether it’s a Mac or PC) that prevents malware infection to ensure maximum coverage. In addition, since mobile shopping is set to outpace shopping on any other device this holiday season, it’s a smart idea to download a cybersecurity program for your Android or iPhone. If you’ve already covered your cybersecurity bases, make sure you run updates on all those programs as well.
Happy, and safe, holiday shopping everyone!