1. Home
  2. >>
  3. cyber
  4. >>
  5. Black Friday: beware of cyber attacks

Black Friday: beware of cyber attacks

Black Friday: beware of cyber attacks

The urge to do some good business for the Black Friday involves many consumers who shop online. Unfortunately, with all this euphoria, the fundamentals of online security are often forgotten, making consumers and retailers easier and more attractive targets for cybercriminals.

Verizon Business’ Data Breach Investigations Report 2021 (2021 DBIR) recently highlighted that hackers mainly target confidential data stored on devices within stores, including consumer payment details (42%), information personal (41%) and credentials (33%).

If something sounds too good to be true, it probably is!
The retail sector – Black Friday, but not only – continues to be a target for cybercriminals who, driven by economic reasons, try to obtain the codes of the payment cards and the personal information of the customers. Among the main social engineering tactics used by hackers are pretexting and phishing, which according to DBIR 2021 data are used in 77% of retail breaches, with the former commonly resulting in fraudulent money transfers.

  Amazon: many offers during the Black Friday week

Land phishing campaigns can be divided into four distinct groups: a scam, such as the email of a relative who is trapped overseas and needs money to get home; brand impersonation, the message appears to come from a bank or a trusted brand that requires the user to confirm a payment or take advantage of a special offer; extortion, designed to scare the user and ultimately Business Email Compromise (BEC), a highly targeted attack on a company or individual. All campaigns invite users to click on links, to direct them to fake pages or to induce them to send confidential information.

During the pandemic, the use of QR codes as a way to order and pay easily has also increased among smaller retailers and hospitality businesses. However, consumers should be careful as these codes could lead to suspicious URLs that, without their knowledge, could make payments, send location details, and connect to their social profiles in an attempt to steal personal credentials and payment information.

  Are ecommerce not ready for Black Friday? Here’s how to do it

If a retail company makes offers on their products too good to be true, then they probably are! For this it is better to avoid clicking on the links of these “occasions”. Obviously the main advice for escaping phishing scams is not to open emails that seem suspicious, even if nature and human curiosity make this easier said than done.

For this, regular training of resources is the best defense, to explain to them the tactics used by phishing campaigns and how to spot them, to protect confidential company data and to help employees use ecommerce.

Keeping the bar straight on safety: the responsibility of the retailer
Retailers today must protect the security of their own data and that of their many customers. In an increasingly digital age, it is important for companies to employ all possible solutions, as is having awareness of the strategies used by cybercriminals, at all times of the year and not just on Black Friday. Having an open mind towards the latest technologies is a valuable way to always stay one step ahead of aspiring hackers.

  With no time to die, Black Widow and other movies could delay their releases imminently

The data show that in the ultimy five years 35% of the 1,354 breaches that led to the theft of payment card information were due to compromised cash register (PoS) systems used in brick-and-mortar stores; while 38% came from compromised web applications, such as online shopping sites.

These web attacks compromise a website’s payment application by installing a code within the app to capture customer payment card information as they complete their purchases. These violations probably don’t make the news, but they can still have serious consequences. Today’s cybercriminals aim to target vulnerable e-commerce applications that allow them to launch effective and automated attacks.

  Pearl Abyss Art Center: here is the new hub of the Black Desert studio

What can companies do to mitigate this threat?

* Understand the importance of software that monitors file integrityCybercriminals targeting web applications don’t target inactive data. Rather, they enter a piece of code to capture customer data as they fill out web forms. To combat this, companies can use software that monitors the integrity of files, adding them to the antimalware system of their payment sites, and patching the operating system and payment application code.
* Embrace innovation: focus on new technologies that make it more difficult for criminals to exploit PoS terminals. These include EMVs and digital wallets, or any other method that uses a one-time transaction code, as opposed to what PANs do.

  Apple will soon launch the black Milanese Loop strap for the Apple Watch

Safety is everyone’s responsibility
One thing is certain, data security, regardless of where it is stored – in store checkout tools, on a mobile device, on a social account or on a computer – is everyone’s responsibility. Consumers need to be diligent and know who they share their data with and how they interact online. Likewise, retailers have a primary responsibility to protect not only their own brand and data, but also those of their customers who trust and trust their brand.

For many retail organizations, especially smaller ones, the implementation of large-scale security solutions is neither cost-effective nor feasible, but every measure is implemented, however smallit can have a very beneficial impact when it comes to detecting and deterring cybercriminals, not going to intensify it only on Black Friday but throughout the twelve months from the calendar year.