While many consumers are currently counting their pennies and stashing them all away for the post-Thanksgiving sales marathon, hackers are banking on a jackpot of their own right now. While Cyber Monday is a likely target due to all the revenue this one-day online event can generate, consumers are now warned that Black Friday shoppers seeking deals online will be targeted as well.
Digital risk management service RiskIQ recently released a four-page report called the Black Friday eCommerce Blacklist that reveals how hackers will attack shoppers during the Black Friday shopping season and where they plan to target. According to the report, 30 percent of the Black Friday/Cyber Monday shoppers will purchase discounted items on the mobile device, making them easy targets.
Why? RiskIQ states that mobile device owners are at risk of loading up phishing pages claiming big product discounts, malicious apps that promise to make the shopping season easier, and the resulting viruses that install themselves and steal money and personal data. Malicious Black Friday apps may even lock the mobile device until the owner coughs up a hefty ransom.
The report states that one out of 10 mobile apps that pop up when performing a Black Friday search on global app stores are listed as malicious. Hackers are also focusing on five leading retailers, providing more than 1 million blacklisted apps combined. The report doesn’t provide the names of the actual online retailers, but lists them as brands instead. Here is what RiskIQ found:
Total Number of Apps | Number of Blacklisted Apps | |
Brand 1: | 12,971 | 1,093 |
Brand 2: | 2,911,141 | 410,094 |
Brand 3: | 39,443 | 6,367 |
Brand 4: | 770,380 | 112,254 |
Brand 5: | 3,121,706 | 470,522 |
“While RiskIQ sees the majority of malicious applications hosted on third-party app stores that few American consumers know of, official stores run by Apple and Google have been observed hosting malicious apps,” the report states. “It’s important to realize that protection by most mobile app stores is good, but not bulletproof, and even the official App Stores host apps that can be dangerous.”
On the online shopping front outside mobile devices, there are more than 1,950 blacklisted website addresses associated with Black Friday and the top five leading online retailers. Again, these retailers aren’t listed by name in the report, but the fake websites are linked to spam, malware, and phishing schemes. Here is another chart showing the number of sites that are linked to a specific attack:
Spam | Malware | Phishing | |
Brand 1: | 249 | 218 | 79 |
Brand 2: | 159 | 142 | 37 |
Brand 3: | 41 | 140 | 29 |
Brand 4: | 147 | 218 | 73 |
Brand 5: | 87 | 194 | 79 |
Ultimately, the report insists that shoppers looking for a great deal online on Black Friday and Cyber Monday should pay close attention to links provided on social media channels. Consumers should also make sure the website address starts with “HTTPS,” which means the site provides a secure connection between the server and the visitor. Also, consumers should never provide a credit card number outside a secure online shopping portal and don’t fall for the scams that reward victims with fake promises of coupons or free merchandise.
“For shoppers, what starts out as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust between them and their customers and prospects — talk about indigestion,” RiskIQ states.
On a whole, consumers looking for great online deals on Black Friday and Cyber Monday can keep safe by triple-checking websites and mobile apps before entering personal and/or credit card information. Happy shopping!