Shore up defences against the rising tide of cybercrime this Black Friday

Christmas is right around the corner, and with the festive period in full swing, all eyes are on the upcoming Black Friday sale. However, it’s not just shoppers looking to get lucky this holiday season. Black Friday is a scammer’s ideal Christmas market, and with almost 77% of Black Friday-themed spam emails in 2024 identified as scams, scammers waste no time peddling their wares.

A recent report has revealed the sheer variety of tactics used by these scammers, with projects ranging from fake websites targeting a diverse range of demographics to impersonating well-known brands and advertising irresistible sales. As online shopping continues to grow, many scammers have taken advantage of the number of consumers who rely on social media for their purchases, executing scams across popular sites such as TikTok.

The retail risk

To generate these targeted scams, cybercriminals require key personal information, and they target brands and retailers to harvest this data. “Retailers are already a top target for bad actors, and there’s been a rise in cyberattacks in the past year,” reveals Shobhit Gautam, Staff Solutions Architect at HackerOne. “This year, retailers will also be handling a massive volume of sensitive, personal information, including payment details, names, and addresses. Increased online sale activity and depleted security teams due to the holidays and time away heightens the chance of cyberattacks, leaving consumer data ripe for the picking.”

This warning is also echoed by Dan Bridges, Technical Director – International at Cyware. He explains how “retailers collect and store vast quantities of data, much of it sensitive customer data like credit card details of personally identifiable information (PPI) – a treasure trove for attackers. Malicious actors often target businesses when they are at their busiest, like during Black Friday, Cyber Monday, and the holiday shopping season. 

“With 41% of retail cyber attacks last year stemming from vulnerabilities and another 22% from compromised credentials it is critical that security measures are as robust as possible as retailers prepare for seasonal traffic surges. However, according to Gartner, many organisations lack the understanding of their threat landscape.”

Plan and prepare

It is clear that retailers are squarely in the crosshairs during this festive period. With reduced staffing and increased pressure, there is a sore need for additional support. Some retailers have already taken steps to bolster their defences. 

As HackerOne’s Gautam observes: “Some retailers use bug bounty programs and the security researcher community to help fill skills gaps on their teams and proactively find vulnerabilities, which can reduce the chances they become a successful target for cybercriminals during the holiday rush.”

He adds, “While being proactive and implementing security controls is vital, organisations must also plan and prepare for their worst-case scenarios. It is essential to have a tried-and-tested incident response plan handy and ensure the backups are ready if things go south. Not only on the retailer side but with the rise in the use of AI for social engineering attacks (such as phishing and vishing), consumers must be vigilant when clicking on sale links and URLs.”

Collaboration is key

As Black Friday draws near, many retailers are already under attack. It is crucial that these attacks serve as a learning experience, with retailers sharing this threat intelligence both within their security teams and with the wider industry. 

Collaboration is key when it comes to defending against the sheer diversity of attacks from cyber criminals, Cyware’s Bridges explains. “Threat intelligence helps enterprises get ahead of attacks, but it isn’t easy to segregate, correlate, and prioritise the huge volumes of available threat data to create a ‘single source of truth.’ Just adding threat intelligence isn’t enough. We must connect the dots.

“This next-generation approach to cybersecurity – often referred to as cyber fusion – unifies all security functions such as threat intelligence, security automation, threat response, security orchestration, incident response, and others into a single connected platform which detects, manages, and responds to threats in an integrated and collaborative manner. 

“The importance of collaboration – inside and outside the organisation – cannot be overstated. Collective defence focuses on an open, trusted ecosystem where security teams are empowered to work much more closely with trusted community peers as you manage intelligence, develop detections and response plans, and respond to threats.

“At the end of the day, threat intelligence only works when it can communicate the relevant data to the right people, at the right time, so they can quickly take meaningful action,” Bridges concludes. “As has been written about many times over, there is no silver bullet when it comes to tackling cybercrime – whether it’s a genuine mistake or a deliberate, targeted attack – but by fusing disparate elements of the cybersecurity stack, the risk of falling victim will be reduced.”

More than £11.5m was lost to scammers across the UK during the Christmas period last year. It is vital that the necessary steps are taken by retailers and consumers alike to ensure that all scammers get for Christmas this year is coal.

Andriani has been working in the publishing industry since 2010. She has worked in major publishing houses in the UK and Greece, such as Cambridge University Press and ProQuest. She gained experience in different departments in publishing, including editing, sales, marketing, research and book launch (event planning). She started as Social Media Manager at 4i magazine, but very quickly became the Editor in Chief. At the moment, she lives in Greece, where she is mentoring women with job and education matters; and she is the mother of 3 boys.