BLOG: Black Friday 2020 – What Are The Risks?

Black Friday is universally known as the time of year when the best discounts, deals, and prices are on offer at retailers and eCommerce platforms.  

This shopping craze often means that security and personal information is treated as an after-thought due to the hectic time. Consumers and retailers must take steps to protect personal information at a time where cyber scammers and hackers are searching for their black Friday deal on our personal data and information. 

Retail organisations should adopt a ‘security by design approach’. This approach is the process in which security is built into every single step or process a customer may go through when purchasing a product. Technical controls can only go so far to protect personal data, consumers have a responsibility to stay vigilant and aware of the possible risks in order to protect their data. 

According to statistics, phishing attacks increase by as much as 336% during Black Friday. Many customers can get distracted by the Black Friday occurrences and ultimately put them at risk via email, text, and social media scams, organisations have a huge responsibility in doing more to alert and educate their customers on simple best practices, such as recognising deals that might be ‘too good to be true’ or using public Wi-Fi networks with caution. Due to the increase in risks, many banks such as Barclays and Natwest have taken the initiative to remind customers to be careful with Black Friday deals. 

There is always a new exploit or vulnerability and the security landscape is constantly evolving, especially since COVID (see our COVID series), this means that no one is immune to this sort of data threat and data theft. This Black Friday, scammers will be taking full advantage, which means organisations need to take a more holistic approach to protect themselves, their employees, as well as customers. 

Brief tips to avoid Black Friday threats 

• Stay Vigilant: Technical controls play a strong role in protecting personal data, vigilance and awareness are the key attributes to help protect data and information. But, consumers need to try to understand which apps and platforms are genuine and secure and should be extra cautious. Beware of the deals and offers that seem to be too good to be true as there is a possibility that it is a scam created by threat actors. Fraudulent scammers pretend to be legitimate online sellers by using a fake website or posting a fake ad that looks too tempting to resist.

Figure 1: An example spam email masquerading as a legitimate promotion from our 2018 Black Friday high and woes article, read here 

• Password Manager: The popular error that many make is using the same password for every service. This is not an effective method as there is a great chance that all the platforms with this password will be compromised if one is infiltrated. It is best to change passwords regularly, make them as complex and extensive as possible alongside using tools such as password manager 

• Reduce the risk of data transfer via public WIFI networks: Unsecure networks that are not encrypted also pose a risk. Data that is sent over a regular HTTP connection, between browsers and websites that we as consumers are connected to, will be in plain text and therefore can be read by any hacker looking to exploit you. HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP, where all communications are securely encrypted. The Site Identity button (a padlock) appears in your address bar when you visit a secure website using HTTPS. 

Orpheus’s threat-led approach to Cyber Risk Rating can help businesses small and large mitigate against these Black Friday ‘deals’ by providing a comprehensive understanding of present threats and vulnerabilities, protecting both retailers and their supply chains from these festive cybercriminals.