Experts warn of cyber risks as Black Friday approaches

Yesterday

As shoppers eagerly anticipate Black Friday and Cyber Monday, experts are raising alarms about the increased risk of cybercriminal activity, particularly highlighting the dangers of malvertising and other forms of online fraud. These high-traffic shopping events not only present opportunities for enticing deals but also serve as a fertile ground for malicious actors aiming to exploit unsuspecting consumers.

Maryam Meseha, a founding partner at Pierson Ferdinand and co-chair of the Data Privacy and Security Group, elucidates the risks involved with malvertising during these peak shopping seasons. She explains that cybercriminals often inject malicious code into advertisements or links that redirect users to harmful sites, potentially leading to the theft of personal information or device compromise. "A legitimate ad will always come from a trusted source," she emphasises, pointing out that cybercriminals rely on third-party sites to plant their deceptive code, especially during times like Black Friday when online traffic surges.

Meseha advises consumers to shop smartly by sticking to official retailer websites or well-known platforms and being cautious of deals from unknown sources. She also recommends hovering over URLs before clicking to ensure their authenticity and utilising antivirus and ad-blocking software to filter out malicious content. Her remarks underscore the importance of vigilance in preventing personal data breaches during these major shopping events.

Adding to the discourse, James Sherlow, Systems Engineering Director for EMEA at Cequence Security, sheds light on the broader landscape of online fraud, highlighting the role of retailers in safeguarding e-commerce platforms. According to Sherlow, while consumer-focused guidance, such as two-factor authentication, is beneficial, it largely places the responsibility on the individual shopper and does not address the root causes of online fraud.

Sherlow points out that much of the online fraud can be attributed to the exploitation of security weaknesses in applications and their associated APIs, which are fundamental to e-commerce operations. He warns that attackers often use sophisticated bots to perform account takeovers, commit fraud, and even overload websites, potentially causing damage to both revenue and brand reputation. "These attacks are typically bot-driven, and the consumer is powerless to do anything about them," Sherlow notes, urging retailers to employ advanced security measures like machine learning and behavioural analysis to detect and manage malicious bot activity.

For effective prevention, Sherlow advocates for a multi-faceted approach, incorporating logging, tagging, rate limiting, deception, and blocking as potential responses to thwart attacks. He stresses the necessity for cohesive solutions addressing both bot and API attacks to avoid delays in response time that could allow sophisticated bots to bypass security measures.

The perspectives offered by Meseha and Sherlow highlight a dual responsibility in the fight against cybercrime during large-scale shopping events: consumers must remain cautious and informed, while retailers are called upon to fortify their platforms with robust security measures. As the digital landscape continues to evolve, both parties must stay vigilant to protect against the ever-advancing tactics of cybercriminals, ensuring that the lure of deals does not turn into a nightmare of compromised security.

Share on: