True North Networks Blog
Black Friday 2019 Security Threat: U.S. Government Advises Consumers To Stay Vigilant
This year, like every year, Black Friday happens to be the day after Thanksgiving and, in effect, marks the start of the holiday shopping season. Consumers may well get more than they bargained for this November 29, as cybercriminals seek to exploit the retail feeding frenzy. Such is the concern over the potential for malicious activity that one U.S. Government agency has issued a statement advising consumers to "remain vigilant" and take precautions to avoid falling victim.
Why is Black Friday a security risk?
Black Friday is a big deal; of that, there can be no doubt. In 2018 more than 165 million people shopped over the Black Friday weekend, with $6.2 billion (£4.8 billion) in online sales on the Friday alone. This year it has been predicted that Black Friday sales will hit $7.5 billion (£5.8 billion). This pales almost into insignificance when compared to "Singles Day," the November 11, 2019 one-day sale at China's Alibaba online shopping empire. In the first 16.5 hours alone, it has been reported, some $31 billion (£24 billion) in sales were racked up.
Taking all of this into account, you don't have to be the Sherlock Holmes of cybersecurity to work out why such holiday season sales days are a prime target for cybercriminals. The vast majority of cybercrime is financially motivated, and following the money makes Black Friday a veritable magnet for criminal chancers of all varieties, which means more links and attachments delivering malware, more social engineering to separate you from your login credentials and more need for security awareness to be front and center.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a "current activity" statement encouraging internet users to remain vigilant. CISA, part of the Department of Homeland Security (DHS), was established when President Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018 into law. It has a brief to act as the risk advisor for the U.S. and work with partners to "defend against today’s threats," as well as collaborate to build a more resilient infrastructure in the years to come. You may recall CISA issuing a warning about a Windows BlueKeep exploit recently, for example.
Current activity statements are issued as part of the CISA National Cyber Awareness System, providing "up-to-date information about high-impact types of security activity." The latest posting relates to holiday season shopping, phishing and malware scams. "As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online," the statement read.
What should you watch out for this Black Friday weekend?
The timing of this is all-important with Black Friday less than three weeks away as I write. CISA warns that cybercriminals may send emails containing malicious links or attachments. "Scammers and criminals are often looking for events to use as a hook for their scams," Javvad Malik, security awareness advocate at KnowBe4, said. "Increasingly, we've been seeing more people targeted during the holiday season."
Because consumers often spend more on big-ticket items than usual, it is easy to lose focus when an email or text message arrives purporting to be from a credit card provider or bank regarding a "suspicious transaction" or alerting them that the account has been frozen on security grounds. According to Malik, users are more likely than usual to click on the links or download the attachments in these messages, as well as in fake Amazon shipping invoices, for example. "Even during holiday times, people should remember that scammers will often use the same tactics of instilling panic or fear into their victims in order to get them to respond quickly without thinking of the implications, or what the proper process should be," Malik said.
CISA National Cyber Awareness System guidance
CISA encourages Black Friday shoppers, and everyone else as the holiday season descends upon us, to be vigilant and recommends the following National Cyber Awareness System resources:
Using caution with email attachments.
Avoiding social engineering and phishing attacks.
Shopping safely online.
Retailers also at risk during Black Friday sales
Security vendor Kaspersky, meanwhile, warned that retailers, as well as consumers, will find themselves in the cybercriminal cross-hairs this Black Friday weekend. "As the attention of your business focuses on accommodating the proverbial stampede of shoppers, there’s a good chance you could be too distracted to notice attacks in progress," a Kaspersky blog posting stated. "When that happens, hackers might target your website to lead online shoppers to malicious clones to try to steal personal or payment information." Like CISA, Kaspersky advises that staying vigilant is the best defense for retailers, just as it is for consumers.