Cyber hackers are extremely fond of holiday shopping periods because many unsuspecting shoppers let their guards down and become targets easily by clicking on fake deals and from unknown sources.
Black Friday and Cyber Monday are open season for hackers and cybercriminals, said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management.
"They've been gathering data all year about how to spoof you and their attempts will be very realistic," he said. "Not everyone is a crook and there will be genuine bargain offers, but stop and think before your press that button."
Cyber criminals are waiting for consumers to fall prey to their carefully planned attacks by using free WiFi during Black Friday and Cyber Monday despite how open the networks are, said Joram Borenstein, a vice president of marketing of NICE Actimize, a New York-based financial crimes software solutions provider.
These open networks give criminals easy access to your smartphone or tablet while you are browsing the mall or store for the best deals.
"Free WiFi means cyber criminals can snoop on your activity and traffic," he said.
Whether consumers are shopping at a store or taking a break at a restaurant, hackers are ready to pounce on people who opt for free WiFi which appears to look like a legitimate option.
"Without a doubt, there could very well be hackers sitting there who would be very happy to give you a Chase, Wells Fargo or Amex log-in," said Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defense solutions.
Scanning QR codes from unknown sources is equally as bad as clicking on random links, said Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defense solutions.
"Any time you scan, click or hand over your email, your expectations of privacy have evaporated," he said. "Keep this in mind: your email and phone number are worth a lot more than that 50% coupon you're trying to obtain."
Why Those Cheap Deals Are Fake
A plethora of seemingly too good to be true deals can be found anytime from retailers with strange names, but the number of them increase exponentially during the holidays. Consumers are drawn to deals, especially ones for cheap electronics, but hackers are prepared with their phishing scams. Before clicking on links for these websites or coupons, shoppers must validate, check and then double check the site, the security, the SSL certificate and the spelling before putting in a credit card, said Roberts.
"You should also be aware of any links embedded in emails and anything you are looking at," he said. "Remember, if it looks too good to be true, then it probably is!"
Consumers must refrain from clicking on new emails from retailers they are not familiar with, especially ones which have extremely cheap deals, Borenstein said. Instead, go directly to the websites of the merchant that you want purchase from and ensure that your software is updated on all your smartphones, tablets and laptops.
"Hackers love this time of year for three main reasons because they know consumers are desperate for the best deals, that consumers are moving rapidly to find those deals and that a huge influx of consumers are suddenly paying more attention that at any other time during the year to e-commerce and online sales," he said.
Smartphone Shopping Perils
Hackers are lurking on the Internet and fake shopping websites. Shoppers who are apt to compare prices on their phone as they walk through a mall need to ensure they have installed the latest updates for their apps and operating system, said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.
"Make sure transactions are encrypted with https or look for the lock symbol on your PC," he said. "Use screen lock with a password, in case you lose your phone."
When consumers are shopping in crowded areas like malls, use extra caution on when and where your technology.
"Be fully aware of your surroundings and sit and take a break when using your smartphone," Lohrmann said. "Be aware that lost and stolen smartphones are a huge issue these days."
Shopping At Work
As more employees bring their own devices to the workplace, companies must be prepared to detect an active attacker whose goal is to compromise the company's network when an employee clicks on something malicious, falls for phishing or runs into a drive-by installation of malware, said Peter Nguyen, technical services manager at LightCyber, a Los Altos, Calif.-based provider of behavioral attack detection solutions.
"Attackers will compromise computers and get into networks, but you have to detect them quickly before they have a chance to steal or damage anything," he said.
Shopping online at work is becoming more ubiquitous and managers must expect that employees "will do something that will compromise security—and be ready for it," Nguyen said.
Employees are unlikely to refrain from bringing in their own devices and it may enhance their productivity and enables them to be more effective, he said. While companies are being exposed to more risk, this trend will not disappear as workers want the freedom to tackle their own IT needs.
"Despite the dangers that might come from employees cyber shopping at work, the debate is tired and draconian," Nguyen said. "The fact is it may actually be safer for an employee to shop at work on the company network, rather than using a work computer at home."