Prepared for your annual Black Friday shopping? Beware: Cyber-criminals are already waiting for you

Ahead of the annual Black Friday shopping event, where consumers across the world spend billions of Euro on everything from clothes to computers, cybercriminals are ramping up their efforts to get a share of the take.

Last year, the wave of new malicious URLs gained speed in late August and September, and peaked in the two-month October and November recording period with 7.6 million detections. Following Black Friday, the number of detections fell by around 60 percent in December and January to the more usual bimonthly levels of 4.7 million.

The yearly surge of malicious URLs parallels the Google Trends data on Black Thursday searches – an accelerating climb starting mid October, hitting a peak in end November, then dropping off almost completely in December.

“It’s the age-old ‘what came first – chicken or the egg?’ question,” said Alexander Vukcevic, head of the Avira Protection Labs. “But in this case, we know that the shoppers came first, and the malware came close behind.”

On a national basis, Black Friday themed malicious URLs were detected in a number of countries such as France, Germany, and Italy in addition to the expected large numbers in the United States and the United Kingdom. “The range of detections shows how the ‘Black Friday’ term has become an international online phenomena,” explained Vukcevic.

Hidden within this yearly surge is the growing share of surfers that do their searching and shopping online from a mobile device compared to the traditional shopper at home on a computer. Last year, the share of online shoppers using their mobile devices rose from 29 to 40% of the total according to the Crito marketing company. This shift to mobile devices is also showing up in the threat landscape, pointed out Vukcevic. “Compared to 3 years ago, we are finding nearly 10x as many new mobile threats per month.”

Malicious URLs – whether for computers or smart phones — are web addresses designed to damage or infect the device looking it up. They are an intrinsic part of many phishing and malware distribution schemes. “The majority of malicious URLs are phishing for eshops, social networks, and banking sites,” he stated. “Quite a few phishing sites have variants for desktop and mobile, but the mobile sites are harder to visually spot as they are smaller and the malicious URL is often cut off or a series of hyphens added to move the suspect parts of the URL out of the picture in a technique called ‘URL padding.’”

The most variable risks are how the consumer goes out – are they shopping from home or on the road, are they on an open or secure network, how are they handling those pesky password details. “These are all areas where consumer decisions do directly impact their security,” added Vukcevic. With the threats from poisoned and malicious URL’s already prepared and in motion, consumers should be careful along the three steps of their shopping journey: where they go, what they see, and how they buy.

Where do you go

Internet shopping can take you to some interesting places – and also to some dangerous ones. Phishing web pages look carbon copies of the originals, but the web addresses behind them are slightly different. When comparing prices and goods, look for eshops with a good trust rating/reputation and a significant number of reviews. -In addition, malvertising and phishing ads can pop up on legitimate – but compromised – websites.

Safe steps:

  • Look closely – The web address visible in the browser should mirror the company name. If it is spelled differently or has an unusual series of hyphens hiding the URL – leave immediately.
  • Block it – Get an intelligent ad blocker to protect you against infected sites, block malicious and intrusive ads, and shut out online snoops.
  • Get an outside opinion –  Don’t shop alone. Avira Safe Shopping provides information on real prices, real deals, and real shops.

What do you see

Phishing email schemes have gotten more targeted over the years. While order confirmations and bill for unknown and unordered services will come up in your email box (such as Amazon and PayPal), it’s entirely possible that a spear-phishing campaign includes your precise name and a really interesting offer.

Safe steps:

  • Be skeptical –  If an offer seems too good to be true – it probably is
  • Don’t open it – Files attached to suspect emails can contain anything from ransomware to the latest zero-day threats.
  • Cut it out — Make sure to block out dangerous web content that is categorized as phishing, malware, spam or fraud.

How will you buy

While online looking may be enjoyable, sooner or later you have to pay. This is risk — especially as the level of online shoppers using their mobile devices increases. Public networks – whether at a store or a café – are not secure. -Do not enter any credentials into sites you are not 100% sure of their authenticity.

Safe steps:

  • Lock it down – Make sure that during the payment process, there is a lock symbol and that the URL begins with HTTPS, this ensures a secure communication with the web server.
  • Encrypt it – Use a VPN solution to encrypt and hide your online transactions away from prying eyes.

This post is also available in: GermanFrenchItalian

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.