Black Friday tips from Secureworks

As Black Friday approaches, Mike McLellan, director of intelligence at Secureworks, analyzes the cyberattacks that malicious actors could launch against consumers on Black Friday and Cyber ​​Monday.

“Social engineering inevitably peaks around big events like Black Friday. Internet users are looking for quick offers and discounts and are ready to spend their money – classic ingredients for a good phishing campaign. It is easy for attackers to fool consumers when their guard is down with emails featuring tempting offers or fake delivery tracking emails – consumers actually expect to receive this type of communication, so these campaigns are not the all unwanted. The pressure associated with one-off and very short promotional offers prevents consumers from doing their sensory checks.

“Although there is a spectrum, most campaigns are mass market and unsophisticated. Even so, it is unreasonable to expect consumers to still be able to spot key signals. Watch out for telltale signs of phishing: a misspelled company name or URL, misspellings, outdated email templates, etc. Also, also pay attention to the activity on your bank account, and if you are unsure about a transaction, contact your bank; avoid click links; enable multi-factor authentication, such as fingerprinting – where you can; and try to avoid downloading software applications from unofficial sources (even if they claim to be free!).”

Secureworks Detailed Recommendations for Consumers:

1. Check email sender: Check the sender address of any email that asks you to click a link or open an attachment. Check for misspellings of domain names or discrepancies between the display name and the actual sender email address. Be especially wary of emails from merchants you don’t recognize or haven’t used yet.

2. Ignore the Links: Some offers may be too good to be true. Beware of sites that look like well-known sites offering deep discounts and hard-to-find products. Even if a website or email seems legitimate, open a new browser whenever possible to go directly to the real e-commerce site rather than clicking links through an email.

3. Monitor your bank accounts: Sign up to receive fraud alert notifications from your bank/card provider. This protects you from scams that falsely claim that there has been unauthorized activity on your accounts to trick you into revealing your account username and password.

4. Strengthen your e-commerce site’s account security: Use multi-factor authentication on all accounts that authorize it and a strong, unique password for each site. This can greatly reduce the risk, if your credentials are stolen, that cybercriminals can use them to access your personal information, bank details or to carry out fraudulent transactions.

5. Check for updates: Malware infections can occur through malicious advertising (“malvertising”) or third-party code running on e-commerce sites, so visitors get infected without making any mistakes. Never let a website pressure you to run downloaded software or call a technical support hotline.

6. Check app permissions: Only download mobile apps from authorized app stores. Even then, be aware of the permissions they require. Apps that ask for access to text messages, contact lists or passwords should be treated as highly suspicious. Delete any apps you no longer need or use.

Leave a Comment