Thanksgiving comes early this year—and with it, the dilemma of whether to queue up for Black Friday deals in person or online (although Colorado “Scrooges” might be queuing up for first tracks down already snowy slopes). Since the 1960s, the day after Thanksgiving has marked when retailers go from being “in the red” to “in the black.” More recently Thanksgiving week, extended into Cyber Monday, also marks prime time for cyber attacks, as opportunistic hackers follow the money:
- The National Federation of Retailers predicts a 4.1% increase in holiday spending in 2018 over 2017 (and 2017 holiday sales were up 5.5% over 2016)
- Combined, Thanksgiving Day plus Black Friday in 2017 realized $7.9 billion in online sales (up 17.9% from 2016 per Adobe Analytics)
- $5.03B spent on Thanksgiving Day with 12.5M online transactions processed
- $2.87B spent on Black Friday with 13M online transactions processed
RSA, a global cybersecurity leader, has estimated that by 2018, e-commerce fraud-related losses would double. It also noted in its 3Q2018 fraud report that phishing attacks were behind 50% of all observed cyber attacks—a 70% increase from the second quarter—and that mobile device fraud is on the rise (27% over 2017). Whether individuals encounter such attacks at home, at work, or on the road, the risk of introducing a compromised device into your business network is high. Here are some online shopping and traveling safety tips to share with your staff:
- Visit websites safely. Activate your own personal hotspot when away from a known, trusted, secured network (e.g., home or office). Key in the URL—never click on a link contained in an email, text message, or online coupon.
- Visit safe websites. Websites are not created equal. Make sure that the padlock icon and “https” are visible.
- Visit real websites. Brand theft is common and ranges from bogus products to bogus websites. The ratio of fraudulent to authentic websites is 20:1! Typosquatting is a passive hacking technique whereby “look-alike” domain names are used (i.e., changing one or two letters in a company name) to entice the unwary.
- Approach shipping, invoice, purchase order, or wire transfer messages with caution. I approach this kind of message the way I approach changing my granddaughter’s diapers. That is, I look at the general shape of the message (usually just the subject line), poke at the sender name (or at least hover the cursor over it), and see if it passes the smell test. (I don’t like surprises.) Yesterday I received an email from a merchant account about payment having been posted to a vendor I didn’t recognize. The sender name looked legitimate, but rather than open the message, I checked my merchant account for recent payment transactions. There were none. I reported the offending message as a phishing attempt.
- Approach real estate deals with skepticism. Fake offers for vacation rentals may look too real to resist. Nonexistent ski rental houses are common in Colorado: Criminals request bank account and social security numbers, deposit funds, and personal references to perform background checks. Title companies are also targeted within the real estate industry, a sector in which scams have increased 1100% from 2015 to 2017 with monetary losses for the same period increasing 2200%. Much information about the housing market is publicly available, so the social engineering work of crafting a credible fake site and product offering is simplified.
- Secure your portable devices. Physical security is a concern whenever you travel, so keep track of your devices, don’t store credit and banking account information on them, and turn off Bluetooth and WiFi. Bluetooth is often considered a personal area network (PAN) technology—but its signal broadcasts up to 300 feet away. Reduce your WiFi memory by removing previous access points like attwifi, starbuckswifi, and so forth.
- Secure your data. If you can’t leave home without it (i.e., without your laptop and other data storage), back it up to an external device before you leave home—and leave that storage at home or in the office in a safe place.
Celebrate the giving spirit but be sure your gifts reach those intended! Be a Grinch about unintentionally giving things and information away. And always give thanks.