Mistakes Exploited by Cyber Criminals on Cyber Monday: Part I

A decade ago, the term Cyber Monday was conceived by the National Retail Federation to bolster sales even after the Thanksgiving weekend, and to create an online shopping equivalent to Black Friday. They implemented their concept by partnering with the media to couple the catchy phrase Cyber Monday with sales and promotions advertisements.

Since then, it’s taken off. Last year, $2.68 billion were spent on Cyber Monday. That’s well over $100 million an hour. 52% of Americans are engaged in Cyber Monday. In America, the sales of Cyber Monday trump both Black Friday and Thanksgiving sales, combined.

What does this all mean? Online shopping soars on one particular day, because of the hungry coupon crowd that makes its way to the Internet; but, while you score an extra pair of fuzzy socks, many are gathered with the intention of exploiting the convenience of the holiday to get your account information. 64 percent of organizations announce an increase on cyber crime on Cyber Monday.

As more individuals get cozy with the effortless exchange of the virtual purchase, a demand for cyber security becomes crucial and certain. Until then, let’s cover the gap by being prepared.

Mistake 01: Putting all the eggs in one basket

Don’t just devour sales on Cyber Monday! There are sales throughout the year that may be just as rewarding as that one day. Even doing fifty percent of your shopping at Black Friday and fifty percent of your shopping on Cyber Monday will count down on the exposure to cyber criminals this season.

Implement shopping lists based on store availability and the convenience in getting it. Limit your Cyber Monday browsing to things you would otherwise not be able to purchase in your area, and things that are just more convenient to get shipped to your door.

Mistake 02: Falling for the ole phish in the email barrel

An unanticipated consequence of online shopping, as opposed to traditional shopping, is the probability a user will see an email about a sale and get redirected to a malicious website that for the most part exhibited a legitimate visage. This is called spear phishing. According to Zero Fox Social Media Security & Threat Intelligence, phishing attacks escalate as much as 336 percent around the holiday season.

According to Google, these bogus emails and sites prevail on unsuspecting individuals 45 percent of the time. Users submitted their information 14 percent of the time, which is significant considering that these success rates reflect millions of messages.

It gets worse. People in the contact list of a hacked individual are 36 times more likely to get hijacked themselves. This means that one person’s mistake may impact those they know and love, and hackers are not nice. Dwayne Melancon, chief technology officer at Tripwire, advises that employees “need to be aware that anytime their computer is on their corporate network, even if they logged in through a VPN, they can put their organization at risk” as well.

A simple solution to this problem is to get a Google account. They do a great job of keeping the bad guys out. They’ve curtailed hijackings by more than 99 percent in recent years.

When you see a message that asks for your login information or other data, don’t reply. Rather, report them to your account provider. Do not click any links, but feel free to enter the URL and visit the website to update any and all account information.

Mistake 03: Shopping on websites with a past

Keep in mind that just about any database can be compromised. There is no magic lock that that cannot be unlocked. If there were, it wouldn’t be a lock. As long as there’s a way in, there’s a way for a patient, experienced hacker to discredit an organization. However, some retailers and e-commerce websites are better than others. The most important value to find in corporations is how they handle the breach.

In September 2014, hackers created various listings accompanied with JavaScript code on eBay. Less than an hour later, Scottish IT worker Paul Kerr discovered the deception and in turn alerted eBay. The script used, Cross-site scripting, happens to be “the top vulnerabilities that website owners should be concerned about,” says Dr. Steven Murdoch from University College London.

Earlier in 2014, 150 million accounts were exposed. User’s emails, addresses, phone numbers, birthdays, and encrypted passwords were included in the exposure. This kind of leakage suggests the security status and evident improvement of the company on said security status.

Taking the time to know the security history of the brand or company you want to buy from this Cyber Monday may mean the difference between your information being safe and your information being unprotected. Simply enter the company and cyber security on the search engine of your choice to see if some unflattering news has ever been produced. At that point, you can use your own discretion based on the information presented.

Mistake 04: Clicking links lying around

Convenience is not always serendipitous. It’s perfectly respectable to be wary when clicking on links. Be sure to watch the URL bar for any monkey business.

As I said before, entering the website’s URL yourself, or clicking on a link in your handy bookmarks, is also a nice touch. It really is better to be safe than sorry when it comes to your wallet.

Mistake 05: Logging in when they should remember

Almost 50 percent of people fall for fake websites. That’s crazy. A nice way to detect a phony is to opt for your computer to remember your passwords. Once it remembers your passwords, the computer shouldn’t have a situation where it won’t.

Think back to that time you specifically asked for your computer to remember your Netflix password (because it helps you get to Breaking Bad sooner). Chances are, that link you clicked in your email to see the new show that might interest you wasn’t from Netflix this time. It’s easier to catch when your computer is familiar with where your passwords should or shouldn’t be remembered.

Mistake 06: Believing in those too-good-to-be’s

Amid the frenzy of Cyber Monday, it’s easy to go a little hog wild and believe things that you otherwise wouldn’t. For instance, under normal circumstances, very few people would trust a headline that reads, “75 inch LCD TV for only $20! Limited inventory!” Such headlines are called clickbait.

We must not let some of these deals distract us from the narrow path. Shopping lists can make things easier. Additionally, know how much a 75 inch LCD TV would cost at market price (at least $1600) if that’s indeed what you were shopping for.

For further reading:

Bradley, Tony. “Protect Yourself against the Cyber Monday Spike in Cybercrime.” CSO Online. 1 Dec. 2014. Web. 13 Nov. 2015. <http://www.csoonline.com/article/2853635/malware-cybercrime/protect-yourself-against-the-cyber-monday-spike-in-cybercrime.html>.

Bursztein, Elie. “Behind Enemy Lines in Our War against Account Hijackers.” Google Online Security Blog. Google, 6 Nov. 2014. Web. 13 Nov. 2015. <https://googleonlinesecurity.blogspot.co.uk/2014/11/behind-enemy-lines-in-our-war-against.html>.

“Cyber Monday Breeds Cyber Crime [Infographic].” ZeroFOX. ZeroFOX Team, 18 Nov. 2014. Web. 13 Nov. 2015. <https://www.zerofox.com/blog/cyber-monday-breeds-cyber-crime-infographic/>.

“Cyber Monday Statistics and Trends.” Fundivo. Web. 13 Nov. 2015. <https://www.fundivo.com/stats/cyber-monday-statistics/>.

Maher, Monica, and Mindi McDowell. “Shopping Safely Online.” US-CERT. The United States Computer Emergency Readiness Team, 6 Feb. 2013. Web. 16 Nov. 2015. <https://www.us-cert.gov/ncas/tips/ST07-001>.

Santillan, Maritza. “Cyber Monday: Staying Safe from Hacks and Scams This Holiday Season.” The State of Security. Tripwire, 30 Nov. 2014. Web. 13 Nov. 2015. <http://www.tripwire.com/state-of-security/security-data-protection/cyber-monday-staying-safe-from-hacks-and-scams-this-holiday-season/>.

Santillan, Maritza. “Hackers Redirected EBay Shoppers to Phishing Scam | The State of Security.” The State of Security. Tripwire, 18 Sept. 2014. Web. 13 Nov. 2015. <http://www.tripwire.com/state-of-security/latest-security-news/hackers-redirected-ebay-shoppers-to-phishing-scam/>.

Toothman, Jessika. “How Cyber Monday Works.” HowStuffWorks. 9 Oct. 2011. Web. 16 Nov. 2015. <http://money.howstuffworks.com/personal-finance/budgeting/cyber-monday1.htm>.