Shopping Safely Online During Black Friday

Leading security awareness solution supplier, CyberReady has announced five easy security tips to help holiday shoppers safely navigate Black Friday and Christmas as holiday sales put employee data and corporate networks at risk. 

Coinciding with Black Friday, the  CyberReady is also releasing its enhanced CISO Toolkit to provide free tools with guidance on safe online shopping to help CISOs defend employee desktops, laptops, mobile devices and corporate networks.

According to the FBI, “Every year, thousands of people become victims of holiday scams. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood.” Shopping scams are notoriously active during Black Friday and Cyber Monday as millions of shoppers use their PC, laptop, or mobile device to search for deals and make purchases. This presents a considerable risk to organisations with a large number of employees working remotely

Black Friday and Cyber Monday phishing emails tend to showcase amazing deals. These offers typically use emotional tactics to lure consumers into clicking offers that don’t really exist. 

  • Advertising lures the user to enter a fake website and provide credit card information. 
  • Payment traps force the user to submit their credit card information rather than using a digital wallet or payment service, allowing the capture of this sensitive payment information. 
  • Other factors weaken the buyer’s judgement, making the situation even more dangerous as limited-time deals make it difficult to dig into the details, and unknown senders frequently text and email the buyer, adding to the distraction.

Consequently, when this busy shopping season arrives, it is critical to be aware of the increasing risks to personal finances and employer networks.

Now, CybeReady is offering the following guidelines to help reduce the chance of a scam or other sinister attack achieving success:

Before Shopping: 

  1. Always enter the URL for a merchant’s website yourself. Do not use a link from an ad or email. Use the brand’s official shopping application on your smartphone.

While Shopping: 

  1. Check for the lock symbol next to a website’s URL to ensure it is a secure site.
  2. Use a third-party payment method that does not transmit credit card information to the seller (like PayPal or Venmo) or use a disposable card.

After Shopping: 

  1. Visit the merchant’s website to see sales updates. Do not click links in emails or texts claiming to provide order updates. 
  2. Keep an eye on your financial account for any unexpected transactions.

Because some employees will inevitably use their corporate connected PCs, laptops and mobile devices to take advantage of short-term shopping specials, CISOs are also advised to implement additional safeguards.

To assist security leaders, CybeReady is releasing its enhanced CISO Toolkit which provides complimentary tools to help communicate relevant security information to employees, quickly and effectively. The enhanced toolkit provides an overview of security guidelines, policies and tips, offering easy-to-understand information to help avoid cybersecurity traps with guidance on:

  • Holiday Shopping Security
  • Zoom Security
  • Online Privacy 
  •  Password Security 
  • Fake News and Rumours
  • Remote Work
  • COVID-19-related Phishing Emails
  • Security in Times of Crisis
  • Sextortion - what employees need to know
  • Tips for Worry-Free Vacations

Acording to CyberReady's CEO, Eitan Fogel “It is important to realize how good deals for employees can become a bad ordeal for your organisation... During the Holiday Season employees may be easily distracted and hackers are very aware of this, resulting in a significant increase in cyber attacks as the holidays approach. In response, it must be an all-hands effort to ensure security is a top priority.”

 Download the free CISO Toolkit >> Here

You Might Also Read: 

The Hidden Costs Behind Black Friday Bargains:

 

« Detected - A Hard Matching Vulnerability Which Enables Azure AD Account Takeover
Four Reasons You Need RASP Security For Web Applications »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

Phosphorous Cybersecurity

Phosphorous Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.