Black Friday: watch out for the online shopping frenzy

Security Awareness
14 November 2022
Black Friday

The times when in order to buy something, you had to physically go to the right shop are now a distant memory. No more afternoons spent in the car to get to that place where that particular product was to be found, no more hours spent loitering around the window displays, but also no more chatting with the seller who recommended the right product, service or trip for us. Shopping is increasingly taking place online.

According to the studies of the B2C eCommerce Observatory of the School of Management of the Politecnico di Milano, in fact, Italians’ passion for online purchases continues to grow. In 2022, according to the data, it reached the value of 48.1 billion euros, with an increase of 20% compared to 2021, when purchases exceeded 40 billion.

Online purchases of services recorded the largest increase, which, with a rate of +59%, reached 14.9 billion, thanks mainly to the recovery, in the post-pandemic period, of the tourism sector.

Specifically, the growth rate between 2021 and 2022 for tourism was 74% (it hit 11.8 billion euros), but the transport and events sectors are also doing well. The online penetration rate on total consumption for products in 2022 has increased by only a few tenths of a percentage point, but remains at 11%. The IT and furniture sectors are growing, the publishing, beauty and food sectors remain stable, and the clothing sector is decreasing. Thanks to the expansion of travel, the penetration rate for services increased from 12% in 2021 to the current 14%.

Black Friday and online shopping

There are also periods that are particularly favourable for online shopping, certainly including the month of November, which, for some years now, thanks to Black Friday, has been the month par excellence for promotions on all online purchases. A sort of free-for-all to buy anything on the internet at a discounted price, and that pushes even the most reticent of consumers to buy. Cyber Monday, which this year falls on 28 November, and which, in theory, should close the promotion period, represents the highlight of this period, but is focused on technological products.

But, as always, it’s not all fun and games, and this frenzy of discounts and promotions naturally has its dark side. Let’s say that it is a date that hackers are anxiously anticipating and for which they are certainly not unprepared.

What better opportunity for them, given the amount of money that circulates online and the sensitive data that users enter every day, such as account access credentials and credit card information.

It is easy to predict the interest of criminals in registering thousands of domains similar to the original domains of companies, so as to impersonate the most famous marketplaces, such as Amazon and e-Bay, and steal sensitive data from victims.

Black Friday strikes e-commerce companies and unsuspecting customers

E-commerce cyber attacks are of various types and differ both with respect to the target affected, i.e. company or customer, and with respect to the criminal’s target.

On the corporate front, the hacker who prepares a targeted attack on an e-commerce site will aim to hit the victim’s IT infrastructure, (website or server). The site can, for example, be defaced through unauthorised access. This is one of the most impactful types of attack on the image of a brand. Another type of attack is the DDos, Distributed Denial of Service, which saturates a site with requests and makes it non-operational, interrupting the service and causing serious damage, both economic and to the brand’s image.

Another attack on companies is cross-site scripting (XSS), which is an injection of malicious code to exploit the vulnerabilities of dynamic websites. Naturally, as a result of these attacks, a ransom is required to restore the previous situation.

On the customer scam front, among the most widespread threats are frauds based on phishing and credential stuffing that have reached an increasingly worrying dimension. The first of these are emails that impersonate a brand and convince the user to whom they are addressed to provide access credentials to a service. By imitating the company in terms of appearance and terminology, the cybercriminal obtains valuable information for undisturbed access to the accounts and thus purchases in the name of the victim.

Credential stuffing, on the other hand, occurs when cybercriminals use automated software to make access attempts with data previously acquired from another stolen data set. If the user routinely recycles the same password, he/she runs the risk of having his/her account compromised.

One click is enough

What is required is always a click on a fraudulent link or the entry of sensitive information on a fake site. Once you fall into the trap, your personal account can be used for different purposes. The goal is always the same: to steal sensitive information and credit card numbers or inoculate malware.

How to protect yourself The precautions are always the same:

     

      • use unique and strong passwords for each online account,

      • be more careful when using mobile devices. Shortened URLs, often used because they are very convenient on mobiles, can hide bridges to risky sites. If it is not possible to postpone a transaction, it is better to turn off Wi-Fi and use mobile data; or wait until you are browsing on a secure connection,

      • avoid making purchases on websites that seem suspicious or defective, no matter how profitable the Black Friday sales are,

      • do not click on unknown links received by email or through social media,

      • use a prepaid card for online payments. The greater the availability, the more money can be stolen by scammers.

      • always enable and use two-factor authentication

    As a brief summary, the recommendation is always the same: never get distracted, never get caught up in the euphoria of shopping, never lose focus, and never click in a careless way.

    Even if, in this month of November, we feel a bit like Alice in Wonderland surrounded by glittering, desirable objects that are so easily accessible, we must remember to pay attention to every move we make online. Because every click can be fatal.

    Related Articles

    Clusit 2024 report: data of concern

    Clusit 2024 report: data of concern

    Manufacturing targeted in Italy but attacks on health care grow 83% over first half of 2023.The centrality of the human factor. From the cyber front comes no good news. On the contrary, the war (because this is what it is all about) is more heated than ever and the...

    read more