Black Friday is here, if we remember this time last year we were still unaware that Target was compromised, which was the start of a string of breaches that we have seen throughout the past year. Although the credit card thefts at Target started around Black Friday, the initial intrusion had occurred weeks before. Odds are that if we are to experience a similar breach this year, the attackers are already inside their target networks and simply waiting for Black Friday to begin to start harvesting credit card numbers.
Consumer Shopping Tips
Consumers are in many ways playing a game of retail breach roulette with every purchase they make during the holiday season, as there is no way to know what retailers have been compromised. The more practical approach is to assess the risk that your credit card will be compromised and to plan accordingly. This doesn’t mean you need to put a credit freeze, or get new credit cards, but instead to be particularly vigilante in tracking your statements. Here are some tips from Tripwire and the FTC with King 5 News in Seattle regarding how to protect your credit cards this holiday season:
The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food, good company and good fortune. Once they’ve put away the leftovers, many Americans don their coats, head to the malls, and wait in line all night. For what? Black Friday, the commencement of the Christmas shopping season.
Black Friday is exciting because die-hard shoppers never know what deals they might find. But in their fervor to save money and score big, some people don’t take the necessary precautions to protect their personal and financial information. Attackers know that fact all too well, which is why they’ll go to any lengths to prey upon people’s digital security both online and in stores.
Here are five digital threats for which shoppers need to watch out on Black Friday. Advice on how to defend against each of those threats follows.
1. PHISHING ATTACKS
In a phishing attack, a bad actor tries to trick a user into doing something they wouldn’t ordinarily do like clicking on a suspicious link for a Black Friday sales deal. Phishing links lead to fake login pages that prompt users to enter in their credentials for one of their web accounts. The user thinks they’re logging into their Amazon profile, but that’s not the case. Instead, the attacker steals their username and password, details which they can abuse later.
To protect against a phishing attack, users should exercise caution around links they receive from people whom they don’t know. They should also always verify the legitimacy of a web page’s domain before attempting to sign in with their login credentials.
2. FINANCIAL MALWARE
Sometimes a phishing email doesn’t come with a link – sometimes it comes with an attachment. Yes, it may profess itself to be a special Black Friday announcement, but it could just contain an image and some malicious macros.
If the recipient decides to enable content, they could unknowingly install a piece of malware like Carbanak or Tiny Banker onto their machines. Those programs can then steal users’ banking credentials off fake login pages. Alternatively, they can download a keylogger that’s capable of logging all a user’s keystrokes, including their credentials for some of their other web accounts.
Users can protect themselves against financial malware by installing an anti-virus solution onto their computers and keeping it up-to-date. Those products are, for the most part, limited in their effectiveness because they are signature-based. Still, they do provide some protection.
Users should also enable two-step verification on their accounts. Doing so will help prevent attackers from accessing their accounts even if they make off their username and password.
3. ONLINE SCAMS
Black Friday scams in many forms. Some claim users have a package waiting for them at a local post office. Another says it’s giving away unbelievable coupons at a well-known retailer, whereas others still offer refunds for Black Friday purchases. Regardless of the form they take, all Black Friday scams are meant to trick users into forfeiting their personal and/or financial information. Attackers can then abuse that information to commit credit card fraud or to steal their identity.
Scams lure in people with what they want to hear. With that said, if an offer seems too good to be true, it probably is. If users have any doubt, they should contact the company making the offer directly and confirm whether the deal is legitimate.
4. ATM SKIMMING
Black Friday shoppers oftentimes withdraw money from the ATM when they’re out at the mall. Unfortunately, those machines are susceptible to their own share of digital attacks. One of the most prevalent methods is ATM skimming, an attack where actors affix small electronic devices to an ATM that helps them steal unsuspecting people’s credit and debit card information.
The attack usually consists of two parts: a skimmer that copies the information stored on a victim’s payment card and a camera that watches them enter their PIN. Attackers are crafty when it comes to placing their skimmers and hidden cameras, so it’s hard to defend against an ATM skimming attack.
In general, if people know they’re going to be doing some shopping that day, they should try to use an ATM that’s stored inside a bank beforehand instead of one that’s out in the open where attackers can tamper with it. If they absolutely need to use a public ATM, they should shield the keypad when they enter their PIN, and they should look for anything that seems out of place on the terminal before swiping their card.
5. DEVICE THEFT
In the rush of a Black Friday shopping spree, people sometimes don’t keep track of their personal items. For instance, someone might be looking at a new TV and forget to pick up their device when they leave the store. That’s bad news, especially if an actor with bad intentions picks it up.
They could use the device to change the login credentials on any of the victim’s accounts. They could also steal the victim’s photos, contacts and messages, information which they can abuse to commit identity theft, extortion, or a whole slew of secondary attacks.
Users should protect their phones against device theft by implementing some sort of locking mechanism on their devices. They should also activate a feature like Find My iPhone for iOS that allows them to remotely track and/or wipe their device in the event they misplace it.
Attackers have a variety of ways to target people’s personal and financial information on Black Friday. Fortunately, shoppers can take several precautions, including those explained above, to mitigate those risks.
For more tips on how users can protect themselves this Black Friday, please listen to Tripwire’s interview with King 5 News in Seattle.