- As Thanksgiving 2023 approaches, consumers and retailers are gearing up for two of the biggest shopping extravaganzas of the year — Black Friday and Cyber Monday.
- However, cybercriminals also look forward to these two of the most profitable days, with some even commencing preparations as early as January.
- Both individuals and businesses are at risk and can be targeted. Here’s what experts want you to know this year.
Every year, the onset of the holiday season starting Thanksgiving is marked by two of the biggest retail shopping events in the U.S. — Black Friday and Cyber Monday — falling on the Friday and the Monday after Thanksgiving.
The upcoming Black Friday and Cyber Monday on November 24 and November 27, 2023, respectively, are expected to top out generated sales from 2022. Adobe Analytics assessed that consumer spending peaked at $9.12 billion on Black Friday 2022 and $11.3 billion on Cyber Monday 2022. According to Salesforce analytics, global online sales on Black Friday last year touched $40 billion globally by 5 PM ET.
However, the shopping frenzy also serves as a huge opportunity for financially-motivated cybercriminals to make a dishonest buck at the expense, but more importantly, the ignorance of unsuspecting shoppers.
Brian Boyd, head of technical delivery at i-confidential, told Spiceworks News & Insights, “Black Friday and Cyber Monday have become two of the biggest hacking days of the year because criminals can more easily slip under the radar and hide their scams behind the mass advertising campaigns run by genuine brands.”
The result? Barclays discovered that purchase-related losses from scams surged 22% during Black Friday and Cyber Monday 2022, with shoppers losing £970 (~$1,202) on average. This year, expect no different with cybercriminals preparing since the start of the year. NordLayer data indicates increased dark web searches for Black Friday or related keywords.
And even though scammers primarily target retail shoppers, it would be unwise for companies to let their guard down. “The scams tend to be consumer-driven, but enterprises must also be vigilant for a rise in attack activity and take the necessary steps to arm their networks,” Boyd said.
“Criminals will most often target employees with shopping scams and use these as a route into corporate networks, so it is essential organizations educate their employees on attacker techniques in the run-up to Black Friday and Cyber Monday.”
Here’s what consumers and enterprises should know for a safe and successful shopping season:
Watch Out for Malicious Emails
Phishing is one of the most common ways cybercriminals leverage to expose their targets to their malicious ways. Phishing and spear phishing emails, smishing messages, and vishing calls can all be sent as promotional communication for not-to-miss deals with the real intent of delivering malware or stealing credentials or financial information.
“The most important advice for employees is to be aware of email promotions which are advertising products at too good to be true prices. It is also essential to educate and improve awareness of staff on phishing emails and the tricks criminals will use to steal information, such as spoofing websites to steal credit card data and passwords,” Boyd added.
Tell-tale signs of phishing include unsolicited communication, grammatical inaccuracies, the content creating a sense of emergency/urgency, unexpected attachments, unfamiliar sender addresses, emails/calls at unusual hours, and more.
Boyd advises employees not to use the same password across multiple online accounts but to use multifactor authentication and email security tools.
Mike Newman, CEO of My1Login, concurred and added that organizations should limit employee access to passwords for an extra layer of safety. “Using a modern workforce identity management solution that provides Single Sign-On and enterprise password management enables passwords to be used where applications rely on them but have them hidden from the workforce significantly improves the user experience and enhances security,” Newman said.
“This means even when sophisticated phishing scams do reach a user’s inbox, they don’t have the ability to disclose their passwords because they simply don’t know them.”
See More: The Global Scampocalypse – Fraud Rules the Day
Adopt Email Marketing Policy Change
In October 2023, Google and Yahoo announced a policy change for marketing emails that dictates authenticating email messages for spam and scam prevention. Under the policy, companies sending more than 5,000 emails on either Google or Yahoo have to adopt the following three authentication methods:
- Sender Policy Framework (SPF)
- Domain Keys Identified Mail (DKIM)
- Domain-based Message Authentication Reporting and Conformance (DMARC)
“Recent announcements from Google and Yahoo are causing the worlds of marketing and cybersecurity to collide as email authentication standards shift from recommended security best practices to non-negotiable email marketing requirements: unauthenticated messages will be rejected. In other words, SPF, DKIM, and DMARC authentication protocols are effectively moving from the SOC to the boardroom. It redefines the baseline for email marketing,” Seth Blank, CTO at Valimail, told Spiceworks.
The new policy is slated to come into effect in February 2023 for Google and Q1 2024 for Yahoo. Still, Blank opined that 2023 is “noticeably different” from previous years as marketers want to differentiate themselves from scammers quickly.
“Astute marketers are actively collaborating with their cybersecurity peers to update their security posture early. This prepares them for the looming February timeline and provides an avenue to increase trust with their customers and protect their brand’s reputation this holiday season,” Blank added.
“Ultimately, in a landscape where every message counts, aligning with these standards will empower marketers to distinguish themselves, engage their audience effectively, and help ensure that this shopping season is a remarkable success.”
Be Wary of VPNs
VPNs certainly serve well in securing online communications, according to Don Boxley, CEO and co-founder of DH2i, but tend to be used fraudulently, especially in the context of Black Friday and Cyber Monday.
”Their [VPNs] inherent vulnerabilities and rampant misuse have exposed business organizations and their customers to various risks. For example, during peak shopping events like Black Friday and Cyber Monday, cybercriminals have exploited VPNs to manipulate prices, commit fraud, and gain unauthorized entry to areas such as payment systems,” Boxley told Spiceworks. “In addition, VPNs not only open the door but leave it wide open to network credentials, identity, and credit card theft.”
Boxley advises organizations to rely on the zero-trust-based software-defined perimeter (SDP) methodology for impenetrable cybersecurity. “SDP adopts a ‘zero trust’ approach, ensuring that trust is not assumed for any user or device. It rigorously verifies user identities and security postures, reducing the risk of unauthorized access, even in the presence of VPNs,” Boxley added.
“Additionally, SDP offers application-level access policies, network segmentation, and real-time monitoring, enhancing cybersecurity defenses. It empowers businesses to navigate the complexities of heightened online shopping activity during events like Black Friday and Cyber Monday, securely safeguarding both their operations and customer experiences.”
Don’t Forget Employee Experience-Driven Profitability
Heightened traffic entails a greater workload on employees, be it IT pros managing the underlying infrastructure or marketers and retailers vying to make the most of the demand. An overburdened employee can hamper the customer experience and, ultimately, profitability.
“During these peak shopping periods, employees often face intense pressure to manage increased workloads, which makes a robust EX critical. Companies that invest in their employees’ well-being through comprehensive training as well as supportive and unified work environments enable their workforce to deliver exceptional service,” Carolyn Clark, VP of EX Strategy at Simpplr, told Spiceworks.
“This commitment to EX pays dividends in CX, as happy, empowered employees are the bedrock of positive customer interactions. In turn, satisfied customers are more likely to make purchases and become repeat patrons, driving sales and fostering brand loyalty. Ultimately, the synergy between positive EX and CX during these high-stakes sales events can lead to a significant uptick in profitability, illustrating that a company’s financial success is closely tied to how it treats its employees.”
What are your thoughts on securing organizations and individuals this Black Friday and Cyber Monday? Share your thoughts with us on LinkedIn, X, or Facebook. We’d love to hear from you!
Image source: Shutterstock