Elad Schulman is the CEO and Co-Founder of Segasec. Elad has a vast background in enterprise software and cybersecurity from corporates (SAP, HP), startups (OpTier, Mercury) and from his military service in the IDF. Elad has a MA in Business Administration and BSc in Computer Science from Bar-Ilan University.
Customers are the target of cybercrime this Black Friday, but your business could be the real victim
It’s the time of year when customers look forward to great bargains, businesses look forward to great sales and cyber attackers look for an opening.
Black Friday has grown into a retail phenomenon. According to the National Retail Federation, 174 million US consumers went online shopping over the Black Friday weekend in 2018, which is around 70% of all US adults. This major shopping event can whip customers into a frenzy, with click-happy purchases costing the average buyer over $1,000, up 4.1% from the previous year, and likely to keep rising for 2019.
For retailers, it’s an important time of the year for sales, both in terms of providing the right deals for existing customers and in attracting new consumers to their websites and brand. According to CNN, “Black Friday and Cyber Monday are critical to retailers. They make an outsized chunk of their sales during the final quarter of the year. Retailers that disappoint during the stretch can face harsh consequences from investors” and risk putting themselves in a weakened market position going into the new year.
Could Black Friday be risky business?
With customers excited to grab a bargain and retailers who have a lot relying on their performance, there is urgency on both sides of the coin. With this urgency comes an opening for cyber threats.
Any time of year, your customers could be victimised by a fake website that mimics your own, tricking them into handing over sensitive credentials like usernames, passwords, or financial information. However, on Black Friday, the risk intensifies in a number of ways that affect hackers, businesses and users alike.
Attackers are given a trusted way in
Black Friday speaks for itself, encouraging users to take advantage of offers that might seem too good to be true. If your customer sees your brand name associated with a Black Friday deal, they are primed to trust this offer without thinking too hard about its validity.
Retailers seek more exposure
This retail holiday is visible everywhere throughout the month of November. Many companies rely on additional advertising, whether through social media, banner advertisements or email marketing campaigns. Attackers who scrape content from your legitimate branding can make realistic fake ads that take users to false versions of your websites, without you even realising they exist.
Customers are less cautious
The very nature of Black Friday hinges around 'FOMO', Fear Of Missing Out. With this ‘click before you lose the deal’ mentality, users are encouraged with offers that are about to run out against the clock or bargains that will be gone if they take even a few minutes to consider their options. This is a dangerous attitude to online shopping and can suspend a user’s regular safety precautions, making them think less likely to think about whether a website is secure or not.
How can retailers arm themselves against brandjacking this Black Friday season?
Preparing your customers for this rise in potential phishing scams should be just as high on your to-do list as letting them know about your upcoming deals. If you are sending out marketing content for the retail holiday ahead of time, here are a few warnings that you should share with your customers:
- Check the URL: Email, social media and third-party advertising could all send you to a false website that looks identical to the real company’s page. Always check to make sure that you’re on the official website. If you opened the site by clicking the ad and you’re not sure if it’s the real deal, close the link and navigate again from your search engine.
- Don’t trust HTTPS alone: Many people wrongly believe that false websites don’t have the padlock symbol, or the ‘s’ in the ‘https’ address. However, those signs simply mean that your connection is secure. Even if you see that padlock or the HTTPS addition, your data may still be at risk.
- Be extra safe on mobile: According to the data from 2018, more than half of Australian customers (54.9%) used smartphones when shopping online on Black Friday. Consider the mobile security gap! On your mobile phone, URLs are more likely to be hidden, and branding and formatting are expected to be different. You might want to consider sending out details of your mobile app or browser, especially if it’s different for various platforms.
The threat of Black Friday is too big for retailers to handle alone
With domain threats doubling during holiday seasons, the weight of brandjacking attempts over Black Friday and Cyber Monday is almost impossible to handle. It is certainly too much to expect to sidestep the dangers through customer education and retailer awareness alone. The only fully armed organisations this retail holiday season will be those who have embraced a Machine Learning solution against phishing scams that can scale to meet this demand. Such a solution should be able to find both domain and non-domain related threats anywhere on the web, identifying both content scraping and brand manipulation. It also needs to be lightning-fast, acting ahead of time at the preparation stages, while the hackers are still getting ready to launch their attacks.
Without these measures, your company cannot focus on those all-important holiday targets, and more importantly, your customers will remain at risk.