Shoppers warned of cyber risks during holiday deals

Today

Black Friday and the holiday shopping period have become synonymous with increased online shopping, but they also present heightened risks due to cybercriminal activities. As shoppers flock to online platforms in search of deals, malicious actors are equally drawn to these digital marketplaces, deploying increasingly sophisticated methods to steal sensitive data and disrupt online transactions.

Craig Searle, director of consulting and professional services (Pacific) and global leader of cyber advisory at Trustwave, emphasises the importance of using secure payment methods when shopping online. "Avoid providing your credit card information directly whenever possible," he advises. Instead, he recommends using platforms like PayPal, Apple Pay, or Google Pay, which offer an additional layer of security and better handling of chargebacks and dispute resolution, thus providing consumers with greater protection and peace of mind.

On the broader threat landscape, Tim Ayling, VP EMEA for Imperva, a Thales Company, highlights the increasing threat posed by "bad bots," which are part of a broader trend of cyberattacks leveraging Artificial Intelligence (AI) and Large Language Models (LLMs). According to Ayling, these bots are used to steal payment information and execute account takeover attacks, which surged by 85% during last year's Black Friday period. The use of AI allows cybercriminals to quickly test vast numbers of stolen credentials and send highly convincing phishing messages to gain access to consumer accounts. Once infiltrated, they not only make fraudulent purchases but also compromise sensitive data, severely undermining customer trust.

The risk is not confined to the retail sector. As Travel Tuesday approaches—a day preceding the holiday dedicated to travel deals—travel operators are also bracing for a surge in cyberattacks. Ayling notes that travel sites are attractive targets because they require detailed personal and payment information. Cybercriminals use bots to scrape data and commit fraudulent transactions, often targeting loyalty programmes. They even engage in "seat spinning," where bots hold seats without purchasing them, leading to potential revenue loss.

To combat these threats, Ayling urges retailers and travel operators to adopt advanced security measures. These include implementing account takeover protection solutions that can detect suspicious login attempts and using multifactor authentication to verify identities. Additionally, businesses should actively monitor for unusual activities indicative of bot attacks. By doing so, they can better safeguard customer data and maintain trust while protecting their revenue streams.

The National Cyber Security Centre (NCSC) has also issued warnings to Black Friday shoppers, reflecting concerns over the potentially significant financial impact of scams this year. The convergence of online shopping frenzy and sophisticated cyber threats underscores the importance of vigilance and robust security protocols.

While the convenience of e-commerce is undeniable, the associated risks demand both consumer awareness and proactive industry measures to counteract cyber threats. By prioritising secure payment methods, adopting advanced protective technologies, and staying informed about evolving threats, consumers and retailers alike can more safely navigate the holiday shopping season.

Share on: