Holiday Hacking? Beware The ‘Black Friday‘ Flash Sales!

It is Jeff Bezos’ online retail mammoth, Amazon, which most people credit with the global export of Black Friday in 2010. Since then, the ONS statistics show weekly Internet purchases during the month of November have almost tripled, & internet sales as a percentage of total retail sales have more than doubled from October 2010 to 2018.

The flash sales associated with the last weekend of November are no longer exclusive 24-hour deals, often running during the entire week running up to Black Friday & beyond, culminating in so-called Cyber Monday when retailers cut prices still further for the goods they’re selling online.

November 29th this year will mark just the beginning of the flash sale season however, with online & in-store sales & discounted offers running right up to Christmas & into the New Year sales come January.

The data is clear when it comes to online retail spend. Greater numbers of people, in more countries than ever before, are spending more money overall, & significant amounts (close to 20 percent in the United Kingdom) are being captured online.

With more consumers taking to smartphones, tablets, apps & even voice assistants now, purchasing has certainly become easier.

However, as brands increasingly take to hawking their deals through digital channels, including floods of promotional emails to inboxes & the seemingly incessant ‘ping’ of tweet & text alerts highlighting great deals, the opportunities for hackers looking to misappropriate consumer data or disrupt connected digital supply chains have undoubtedly increased, too.

While online scams are not solely exclusive to the Black Friday or festive sales periods, it is worth noting that these periods are particularly appealing for hackers given the surge in consumers looking to make online purchases across mobile devices & often unsecured wifi networks, all of which represent potential back-doors in to secure details & data.

I’m guessing that if you’re reading this blog, you’ll no doubt have had experienced some of the following Black Friday & Cyber Monday tactics. Typical stings likely included phishing emails pitching ‘time limited’ cheap designer offers, or bogus websites trying to lift credit card details — remember those?

More sophisticated approaches include: blackhats planting malware & cryptojacking modules wherever they think consumers might click, or even posting malicious apps posing as branded special offers.

Beyond the immediate effects of any of the above scams, there are more sinister applications for stolen data & personal details on the Dark Web. With enough captured data, organised criminal cyber groups or ‘lone wolf’’actors can create profiles & even entire fake individual histories that they can use or sell for a variety of illicit purposes.

Having read the last couple of paragraphs, you may have felt that the only option you have this holiday season is to unplug your Internet router, stow away all laptops & tablets & turn off your Amazon Alexa. But that is neither the aim of this piece, nor would that be realistic or practical.

If you take anything from this article, simply take it as a reminder that while surfing the Internet for deals — holiday or unrelated — try to remain aware of your online surroundings. Remember the old adage: if it sounds too good to be true, it most likely is.

Regardless of time of year, always try to shop on top-ranked search results, or even type suspicious URLs in manually to check links for typos, repeated letters, or other flaws that could indicate an impostor site (a favourite or hackers).

Always use legitimate apps, only downloading them from accredited platforms like Google Play or iTunes, & always make sure to use the most up-to-date versions of an app. For the super security-minded out there, you can even check the developer account that posted an app if you still aren’t convinced of its legitimacy.

Take note of your surrounding & networks. Often, open or public wifi networks can be a petri-dish for cyber-nasties, so only trust networks that you know & trust. For those truly paranoid androids looking for a next level layer of online security, you can even use an accredited Virtual Private Network, like a Tunnel Bear, Nord VPN or Aloha.

With cybercrime & global regulatory environments evolving at a faster pace than ever before, brands & organisations today can ill afford to rest on their laurels when it comes to the ways they use & secure the data they own & use on a daily basis.

With the European Union’s General Data Protection Regulation now fully established & the more recent implementation of the California Consumer Privacy Act, the monetary & reputational cost of downtime, data leaks & data misuse just got a whole lot more real as brands gear up their digital & eCommerce offerings this coming holiday season.