As hype surrounding the Black Friday and Cyber Monday bonanza continues to rise with retailers touting some over-the-top markdowns and flashy sales, kerfuffles in the aisles are not the only danger to watch out for during your shopping spree. While the shopping events may be some of the best days to snag a bargain, hackers and scammers may also be lurking online.
Cybercriminals and opportunistic hackers often look forward to such events for people to let their guard down, allowing them to pounce on the opportunity to steal shoppers' valuable data or money.
"The cyber security threats that are using Black Friday deals as a cover will continue into the holiday season," Scott Cairns, CTO at Deutsche Telekom's cybersecurity arm T-Systems, told IBTimes UK.
"Malicious phishing and malware emails will use Christmas sales as bait to try and lure consumers into clicking. The threat to businesses will come from employee panic as Christmas approaches. Employees late-buying presents for loved ones will be more likely to click on phishing emails as they search for deals in a hurry."
With the cacophony of deals this holiday season, shoppers need to be extra careful and be wary of the risks when making purchases.
Here are a few tips shoppers can use to stay cybersafe when hunting for the perfect bargain, both in-store and online:
1. Steer clear of fake websites
When shopping online, be wary of fake websites created by threat actors that are designed to look like official sites by retailers and boast some outrageous deals. However, these sites are often a front to steal eager shoppers' personal and financial information.
Watch out for suspicious language, grammatical errors or deals that seem too good to be true. Shoppers should also check the URL of the website for "https" and the padlock sign in the web address to make sure the site is secure.
2. Watch out for any particularly "phishy" emails
With virtually every retailer touting sales and deals online, shoppers should expect a surge of phony, hoax emails amid the many legitimate Black Friday, Cyber Monday and holiday deals. These dubious messages could be carrying malicious code, phishing scams or phony links under the guise of a particularly tempting bargain that must be grabbed "before it's gone".
"These are the dreams of spammers and phishing instigators — to be able to send out emails that we mortals are unable to resist, and to top it all off they can be as extravagant as they wish," ESET security specialist Mark James warned.
Beware of any emails that offer deals, cash prizes and timed sales. Always check the email address and do not click on any links embedded in the message.
"We do like a bargain, we do like the idea of getting a good deal on something, and the bad guys know that," James added. "They will try and trick you — they will adapt and tailor their approach to steal your data, and sadly, will do all they can to make you a victim."
3. Beware of fake freebies on Facebook and Twitter
Wild deals and prizes from free flights, sunglasses and iPads to cheap tickets and phones, fraudsters often post attractive and colourful deals on social media that could spread far and wide.
Unsuspecting victims who click through are often prompted to divulge their personal information such as names, email and physical address to receive the promised goodies.
In such cases, it is safer to stick with the well-known adage — "If it sounds too good to be true, it probably is."
4. Avoid shopping on public Wi-Fi
Do not do any online shopping while you're logged into a public network such as a coffee shop, airport or nearby restaurant.
5. Use a separate card for online shopping
With security breaches on the rise, it may be wise to set up a separate credit card for online shopping. Should hackers manage to grab your credit card information, the rest of your banking information and details will remain safe.
6. When you can, use online payment services or cash
If you don't have the time to set up a separate card, try using a credit card that is not directly tied to your bank account to avoid the risk of an attacker stealing your banking information in one full swoop.
Security experts also recommend using online payment services such as PayPal or Venmo when possible to avoid entering your card details altogether.
According to Travis Smith, principal security researcher at Tripwire, such technology will "reduce the footprint of where your credit card information is processed between, thereby reducing your risk of having your credit card information stolen".
However, if you are shopping in a physical store, try to use cash whenever possible.
"The safest way to pay in a brick and mortar store is to use cash. It is a physical medium which requires no interaction with the internet, where cyber criminals can lurk in any corner of the world," Smith said.
7. No cash on hand? Opt for Chip and PIN
Don't have cash on hand? Use the more secure Chip and PIN form of payment rather than simply swiping the magnetic strip.
"Magnetic stripe is by far the riskiest of all the technologies due to the fact that the credit card data is processed by the terminal in memory in clear-text, as the credit card number has to be sent to the payment processor to extract funds from the account," Smith explains. "The way magnetic stripe transactions keep your account safe is mainly due to encrypting the traffic as it is sent between merchant and payment processors. As a customer, you have little control over protecting your account besides keeping your card number a secret."
8. Stay up-to-date
Make sure your device has the most recent recommended system and up-to-date security patches to avoid any potential security holes for malicious software to sneak through.
9. Don't say too much
When shopping online, never give out anything other than your name, address or phone number. Retailers will never ask you to answer any security or privacy questions when making a purchase or checking out.
10. Cover your tracks and strengthen your password habits
Always monitor your purchases by having SMS and email alerts sent to you immediately. Keep track of your credit card statements as well to watch for any suspicious activity or unauthorised transactions.
If you are asked to become a member by a retailer, be careful of how much information you choose to share upon joining. According to Keeper Security, only share information that you are comfortable exposing in case of a data breach.
Pay attention to the password you choose to enter for the website as well. While you may choose to enter your go-to password for retail websites, this is a poor, lazy and extremely dangerous security practice.
Remember never to use the same password or versions of the same password across multiple sites and services. Always use strong passwords and update them regularly.