Black Friday deals are everywhere. Some of the deals just seem too good to be true. In a brand new report, threat researchers at cybersecurity firm Check Point warn that the increasing risk from cybercriminals over the holiday season means we should modify how we shop online.
When Check Point created their report in mid-November 2019, “even before the peak of Black Friday and Cyber Monday,” the team explains, “the use of retail phishing URLs had more than doubled—up by 233%.” A week later, by the time this article was published, that had jumped even higher, to 275%.
The U.S. sales season is a $144 billion bonanza, up 14% on last year, and running through late November to Christmas. Almost $30 billion will be spent just over the Cyber Weekend.
So how easy is it? It starts with a “lookalike domain,” plausible enough to trick consumers. “A lookalike domain needs to appear close enough to a known domain to avoid raising the suspicions of prospective customers.” Fake domains are prolific.
Check Point’s advice is clear. Don’t click on the promotional links in Black Friday (or Cyber Monday) emails. Instead Google the retailer and click on the real link. Then you can safely navigate to the sales pages and the offers. Here are the Black Friday and Cyber Monday Top 10 Fraud Alert Tips you can send to your users.
"Email is one of the best promotional channels, which is why it’s so open to fraud,” Dembinsky warns. “Retailers will continue to send out emails and fraudsters will keep taking advantage.” And the numbers are spiralling. “This week,” he says, “is already 30% up on last week.” More detail at Zak Doffman's Forbes article.