Shop Online Safely This Black Friday
It’s that time of the season – the unrealistic expectation of snow rises, the knits come out of the closet, and the credit card details are entered into a multitude of websites. Your bank account certainly didn’t miss the November sales, but we know of at least a few people for whom it is a happy holiday season.
The November sales have always brought with them a sharp increase in cyber security incidents, but since the Corona epidemic, the trend is only getting stronger. The astronomical increase in online shopping due to shoppers’ preference for the web interface over the physical store resulted in profits of 40 billion$ in 2021 just on Black Friday weekend in 2021. This explains the efforts hackers put into building fake websites that look similar to large shopping websites, and sending phishing messages via email – A new Bitdefender study found that more than 50% of phishing messages sent in October- November were Black Friday and Cyber Monday related.
This figure is even more threatening in light of the data that SIFT found on a sharp increase of 62% in Payment Fraud attempts.
The most popular method among hackers is to redirect the consumer to fake websites, imitations of the original. Check Point found in a study that there is an increase in the number of fake websites marketing products for Black Friday and that since the beginning of November 4% of all websites relevant to the issue is fake – millions of websites that receive organic and PPC traffic every day. These sites often look very similar to the original, but with attention to small details you can identify the fake:
- Spelling errors in links – Links of these sites are usually written differently from the original links. Example: www.ailexpress.com instead of www.aliexpree.com
- Pixelized images
- Site not working properly
- If it’s too good to be true, it probably isn’t true
- A website with no contact info/ company details
Read all about phishing in our full phishing article
It cannot be emphasized enough times, but never click on links sent from emails, certainly not emails announcing huge sales on our favorite website. The link appearing in these emails can take us to an unsecured or fake website. Even if the link goes to the original website, there is a danger that a virus has been downloaded to the computer, so if you order from the original website, your credit card details will be recorded and stolen.
Sending an order confirmation is a popular method hackers use to impersonate a legitimate site. These messages usually inform users of a problem with an order, designed to entice users to click on a link leading to a fake website or to download malware.
In November 2021, the Check Point team found a phishing email impersonating the luxury brand Louis Vuitton. Phishing messages were sent from the address – psyqgcg@moonfooling[.]com, which promised extremely low prices on luxury bags and jewelry, all to entice users to click on the attached link leading to a site under the domain o[.]awojlere[.]ru
Another popular method is to send an SMS message relevant to the delivery of a package – the shipment has arrived/departed etc.
Conclusion – pay attention to warning signs:
- typos such as google instead of google
- Address without SSL [usually a lock symbol in the link line] – you can check the address on this site
- Does the link lead to a website owned by the official company
- Do not click on direct links, always access the site through the Google search engine.
The debit card may allow for efficient financial management for those of us who have difficulty maintaining a budget, however, if its details are stolen there is no going back. 2020 registered an all-time record of 117 million dollars stolen from debit alone. With credit cards, it is much easier to correct theft and injustice. Blocking the card and canceling transactions can be done quickly, and most credit card companies allow for a full refund in the case of fraud, which is not the case with debit cards.
As a former frequent traveler, this one is a little hard to remember but crucial for any public wi-fi user. Avoid accessing sensitive accounts when connected to public wi-fi such as cafes, Hotels, and airports. These networks can be used to launch a Man in Middle attack, intercepting any communication between your device and the site’s server. This attack has 2 stages:
This type of attack has two stages – interception and decryption:
The hacker tries to intercept the connection between the user and the service provider, usually by creating a free and public hotspot. Once the victim connects to the hotspot without the need for a password, the attacker has full access to the internet communication.
Do not log in to sensitive accounts when connected to unsecured wi-fi (airports, cafes, etc.)
After intercepting the user’s Internet communication, the information received must be decrypted without alerting the user – SSL abstraction or hijacking can be used, and HTTPS Spoofing.
Pay attention to the browser messages that report suspicious activity
Monitor Your Expenses
Keep track of your bank account and credit charges for the month following the end of your November shopping, to ensure there are no unapproved or unusual charges. In any case of suspicion, contact the business in question, obtain an invoice and if the charge was not made by you, contact the credit company and cancel the card immediately.