Search

Black Friday, Cyber Monday: some best practices for safe shopping

Black Friday and Cyber Monday have transformed the way consumers approach their holiday shopping. In this period that is particularly ripe for cyberattacks, find in this article a reminder of the good security practices to apply before making a purchase.

Black Friday and Cyber Monday, two unmissable events for shopping enthusiasts

Like every year, Black Friday will be held on the last Friday of November. Created in the 1950s in the United States but only appearing in France in 2013, this event was launched in France with the aim of bringing consumers back to boutiques and stores. In times of inflation, Black Friday has emerged as an opportunity to access products at affordable prices. After a successful 2022 edition, 2023 should once again break all records.

Cyber Monday was introduced at the end of the 2010s to generate the same level of enthusiasm but this time on the internet. Popularized in France by e-commerce players like Amazon, Cyber Monday allows Internet users to access good deals during a limited period. If these events were intended to be distinct in the past, the majority of e-retailers today offer promotions both during Black Friday and Cyber Monday. A confusion that confuses buyers’ understanding and leaves room for malicious cyber acts.

A risky period for consumers

If the discounts are significant during this period, scams are also legion. It is therefore not uncommon to see promotional offers appear using a myriad of phishing sites. There we find all types of products, from consumer electronics to luxury watches , as the Infosecurity Magazine website reported last October.

If this phenomenon is questionable, its justification seems to come from French e-commerce stores' low security level. As reported by cybersecurity publisher Proofpoint, 58% of e-commerce sites have not configured the DMARC protocol on their domain name. Worse, for 10% of stores, a lack of security measures was observed. Negligence that allows cybercriminals to usurp the e-retailer's brand through phishing campaigns that are larger than life.

With scam and theft of banking information, consumers must be careful

In November, the probability of being the victim of an internet scam increases significantly. By increasing the number of phishing sites, false email campaigns, and advertising texts, cybercriminals seek to break the consumer's barrier of vigilance.

Bank details, theft of login credentials, and purchase of counterfeit products are numerous opportunities to make money. To try to stem this phenomenon, Amazon alerted its users on November 18th of the increase in scams.

Varied in its approach, the scenario nevertheless seems formidable. The most popular comes in the form of a notification email indicating that the user's account has been suspended in order to force them to reconnect to a phishing site. A second approach adds a malicious attachment containing malware to the email. Enough to kill two birds with one stone by compromising the victim's account and their computer. Finally, a last observed variant manifests itself in the form of telephone calls and text campaigns. Pretending to be Amazon's telephone support, the criminals attempt to extract the victims' banking information under the guise of a Prime service subscription problem.

Asked about the average amount stolen from victims, the HSBC bank indicates in its November 2023 press release that the scams would be characterized by the purchase of expensive products of up to £900 . The Barclays bank in turn confirms this order of magnitude with an average of £970, while highlighting an increase in fraud of 22% compared to the same period last year.

Some good practices to apply before making a purchase

In order to prevent your purchase from turning into a bad experience, here are some good practices to adopt before making a purchase.

Make sure you buy from a legitimate website

Many phishing sites use neighboring domains that are one letter similar to the legitimate on. In order to avoid connecting to the amzon.com site instead of amazon.com, always make sure that the site you are visiting is the legitimate site of the brand.

Beware of tempting offers

While Black Friday and Cyber Monday are known for offering heavy discounts, be wary of offers that are too tempting. It is rare during this time to see discounts of more than 70% off. Offers with discounts of 80 to 90% are therefore more likely to be fraudulent.

Look up sellers

If you are about to make a purchase for the first time on a website, take the time to do research on the seriousness and legitimacy of the latter.

Several platforms allow you to consult customer reviews such as TrustPilot or Verified Reviews. Also, take the time to visit the legal notices to ensure that the company is indeed domiciled in France. If this is not the case, recourse against the incriminated company will be difficult or even impossible in case of a complaint.

Be careful with calls and texts

Fraudulent calls and text messages are increasing. So be careful to never share personal information such as your first and last name, your postal address, your login ID, your password, or your bank details. Keep in mind that an e-commerce site will never ask for this kind of information by phone or text.

In essence

Year after year, fraud linked to Black Friday and Cyber Monday are ever increasing. In order to make purchases safely, take the time to carefully analyze the websites you visit and the communications you receive to ensure their legitimacy.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

CSIRT