Santa is not the only person checking his list twice, cybercriminals are doing the same thing, but in their case it's to make sure their distinctly un-jolly plans are fully in place without a care in the world if it lands them on the naughty list.
What makes consumers particularly vulnerable to scams during the holiday shopping season is the bad guys utilize a good shopper's best instincts against them. Primarily by using socially engineered email messages or fake websites to leverage the shopper's desire to find a good deal or a hard to find item. This means that a good shopper has to be on the lookout for a great deal, but one that isn't too good.
“The old adage, ‘if it seems too good to be true, it probably is' stands true with most of the Black Friday cyber scams, but it is important for consumers to become conditioned to recognize the signs of fake deal. Making sure you're on a reputable online store is the first step to securing your Black Friday shopping and this can be verified by ensuring the link is consistent with the webpage,” Aaron Higbee, CTO of PhishMe, told SC Media.
A recent survey from Netsparker found many American online shoppers are rightly concerned about the safety of their payment card information. About 44 percent of those surveyed said their primary worry is a website on which they have saved their credit card information will be hacked. Having card information stolen via malware is top of mind for 34 percent and bank card skimmers being used at a store causes apprehension for 29 percent.
Other quick shopping tips are to make sure the URL contains leads off with HTTPS, not just HTTP, and contains a green lock as this will ensure that any credit card information is protected with encryption and that you are dealing with a reputable retailer as the site's owner has been verified, HIgbee said.
Shoppers should also refrain from frantically clicking whenever something interesting pops up. Bob Adams, cybersecurity expert at Mimecast, suggests not clicking on links contained within advertisements, especially in emails.
“Check to make sure the offer in your inbox actually came from that company. Instead of clicking links, go to their websites manually to avoid becoming the victim of a phishing campaign,” he told SC Media, adding that when completing a purchase try to avoid allowing the site to store your payment card credentials.
A shopper's safety check list should also include making sure to not make any purchases on a public WiFi network or hotspots and everyone should remember that while punching in payment card info is required any site that asks for unusual data should be ignored,” said Netsparker's CEO Ferruh Mavituna.
“Legitimate online shops will only ask for your name, billing / shipping address and credit card details. They never ask for other confidential information such as your e-banking login details, social security numbers, ID car number etc.,” Mavituna said.