Written by Aamir Lakhani, Global Security Strategist and Lead Researcher for FortiGuard Labs
Another year, another cyber Monday—and another opportunity for cybercriminals. But unlike previous years, the 2020 holiday shopping season is already expected to pose more challenges. As concerns around COVID-19 discourage the popular in-person deal hunting, more shoppers are expected to descend upon e-commerce. And many sought-after items could be in short supply. As a result, both consumers and retailers must be especially wary of opportunistic scammers who will offer too-good-to-miss deals in order to steal sensitive information and profit off their victims’ losses.
While many of us are readying our credit cards, holiday shoppers will also want to take some extra time to consider who might be able to access the data you’re handing over. As we learned early in 2020, cybercriminals will be especially active this year, ready to launch an attack wherever they see an opening. From phishing scams to malicious applications, they’re waiting for unsuspecting shoppers to be lured into their traps—which means the best way to mitigate your risk is by remaining vigilant.
More Shoppers Relying on E-Commerce This Holiday Season
Since COVID-19 made its way across the global retail landscape in early 2020, more shoppers have switched to e-commerce as their preferred method of obtaining the clothing, electronics, household items, toys, and other gifts they seek. And while we have seen a steady increase in online shopping over the years. This year’s holiday shopping is anticipated to smash previous records. In fact, a report by Google revealed that 75% of consumers plan to rely more on online shopping this year – and retailers are preparing their inventory accordingly.
Meanwhile, in the background, cybercriminals are simultaneously planning their attacks. They’ve already profited immensely from other aspects of the pandemic, as we saw as early as March. And they’re expecting opportunities related to holiday shopping to be equally profitable.
Your Guide to Shopping Safely Online This Cyber Monday
This Cyber Monday, shoppers should prepare for both traditional online shopping risks as well as new pandemic-themed e-commerce threats. We’ve outlined some of the most important ones below, along with some best practices to avoid falling victim to them:
- Public WiFi: Shopping at home on a private network is one thing. However, you may want to think twice before making online purchases using a public WiFi connection from a coffee shop, mall, or grocery store. Cybercriminals more frequently hack these networks to intercept your data. They may even camp out in public areas, broadcasting a hotspot labeled “Free Public WiFi” that, when an unsuspecting visitor connects, can be used to capture all of the traffic moving between the device and an e-commerce site (or any website, really). Avoid public WiFi if possible unless you have a secure VPN connection and wait until you are home to connect to a secure, trusted network.
- Fake E-Commerce Sites: Plenty of fake shopping sites emerge during the holidays, designed to lure consumers into providing credit card or personal information by offering impossible-to-beat deals or access to hard-to-find items that, in reality, don’t exist. If you’re visiting an e-commerce site for the first time, do some research to verify its legitimacy before making a purchase. Look up reviews across the internet, make sure the company has a physical address and phone number listed, and stay away from sites that require direct payments from your bank, wire transfers, or ask for gift cards as a form of payment.
- Credit Card Skimming Software: Credit card skimmers aren’t limited to physical retail stores—they can be found online, as well. Point-of-sale (POS) RAM scraping malware has become increasingly popular among cybercriminals in recent years. First, attackers must gain access to a point-of-sale system, such as a shopping cart application. They then infect the host with malware designed to scrape credit card data from the source. The transaction still goes through, but all of the credit card information is also collected. As a consumer, it’s not always easy to avoid credit card skimmers but the majority of large, reputable retailers now have measures in place (like a web application firewall) to prevent them.
- Web-Based Malware: FortiGuard Labs identified web-based malware as the most common vehicle for delivering malware during the first half of 2020, commonly used as part of phishing campaigns and scams. This attack vector outranked email as the primary delivery vector used by cyber criminals for the first time in a while. This year, consumers should be mindful of suspicious websites or advertisements that direct them away from whichever trusted site they’re browsing or that lure them with enticing deals. In some cases, all it takes is a momentary visit to a malicious webpage to infect your device.
- IoT and Router Attacks: While not directly related to Cyber Monday, exploit attempts against consumer-grade routers and IoT devices continue to increase. Many people are still working remotely this holiday season. Those who may be looking to upgrade their home offices or other at-home technology should take network security into consideration before making purchases. While hacking the data on your smart thermostat, for example, isn’t really the problem (threat actors aren’t really interested in how warm you keep the house in the winter), they could employ reconnaissance hacks to discover your passwords for your corporate WiFi network or your login credentials for automatic online purchases.
- Hijacked Online Services: We continue to see cybercriminals exploit millions of premium streaming entertainment accounts. Oftentimes, account information is stolen and then listed for sale on Dark Web black market sites. If you’re gifting a streaming subscription to a family member or signing up to take advantage of a Cyber Monday promotion yourself, remember to monitor remote usage, such as notices about unfamiliar logins to your subscription service, and contact the provider if you notice any suspicious activity.
Promote Safe Online Shopping Habits
The best way to avoid falling victim to a Cyber Monday attack is to practice safe online shopping habits. Use common sense when browsing online and stick to trusted retailers for holiday deals and promotions. And when you make those purchases, credit is the best way to buy (as opposed to debit). Credit cards offer built-in consumer fraud protection, so you’re more likely to get your money back if a worst-case scenario comes true.
While the ability to purchase goods, send gifts, and connect to loved ones over digital networks has been incredibly valuable over the course of the pandemic, it’s important to understand that these conveniences are not free of risk. Rather than getting caught up in the rush and excitement of Cyber Monday shopping, take a moment this year to pause and revisit cybersecurity best practices. And don’t forget to pass on your knowledge to your friends and family, as well. This way, we can all enjoy a safe and relaxing (albeit socially distanced) holiday season. They might also consider that advice the best gift they get this year.