Cyber Monday is the appointed day when people frantically shop online for the best deals in time for the holidays. Everything from TVs, phones, and laptops to mattresses and appliances are promoted as being available at the lowest price all year. According to Adobe’s yearly shopping insights report, retailers reported a whopping $10.8 billion in overall revenue on Cyber Monday versus Black Friday’s $9.0 billion in 2020.
It’s also a time when cybercriminals sharpen their skills and take advantage of the millions of people shopping online. Let’s unbox some of the Cyber Monday hacks of which business and consumers should be aware of:
- Many employees will be online shopping at work and using their company’s technology to make purchases. This puts many small to mid-size businesses as a potential target of a phishing attack.
Phishing is the practice of sending fraudulent communications that appear to come from a trusted and reputable source. It is usually performed through email, with the goal of stealing sensitive data like credit card and login information. Hackers can also install malware on the victim’s machine.1 It takes only one successful phishing attack to compromise a business’s network and steal data.
Phishing can involve the inclusion of links to fake login pages that prompt authentication on the part of the user. You might think you’re logging into your Amazon account, for instance, but that’s not the case. You’re actually just handing your username and password over to an attacker, details which the malicious actor can abuse later.
- Web-skimming or magecart is another cyber hack to watch out for. This is when malware infects online checkout pages to steal payment and personal information of shoppers. “Magecart is a very common type of attack in e-commerce and is attributed to seven to 12 attack groups, who are behind the theft of millions of online shoppers’ credit card information,” according to IFSEC Global, a firm that examines the latest developments and best practices in disciplines like security management.
An average of 425 magecart incidents per month occurred in 2020, cites IFSEC Global. Attackers often deploy social-engineering tactics, such as sending shoppers a bogus promotion for a site. When shoppers respond to the fake offer, they enter their personal data on a page that is actually a skimming scam.
- Multiple third-party vendors support online sales, which further exposes retailers to possible threats. Cybercriminals often target third parties because they’re the weak links in the supply chain.
Protecting Against Cyberattacks/Reinforcing the Need for Cyber Insurance
It’s important for businesses to employ a security-focused mindset and implement multiple solutions to keep themselves safe against cyberattacks. IFSEC Global recommends implementing firewalls and making sure the web connection is secure and passwords are strong, using multi-factor authentication. Use intrusion detection systems, and constantly monitor and update web platforms. Enforce zero-trust solutions that restrict third parties to information the website has authorized them to access while blocking access to consumers’ private and payment information, also known as “least privilege.”
In addition, reinforce how critical it is to include a Cyber insurance policy, providing not only the coverage needed in the event of an incident but also the guidance and expert navigation required in dealing with a cyberattack.
Sources: Adobe,CISCO1, IFSEC Global