Shopping on Black Friday usually means wading through mobs of customers seeking out big savings and in some extreme cases, dodging a stampede of people trying to pick up the big ticket items. Cyber Monday brings a whole new level of crazy shopping on your laptop or smartphone in your underwear to grab the best deals online.
Many security firms are raising awareness and warning people about the cyber security issues these days bring. Fake Wi-Fi spots are used inside malls as well as fake reward apps offering deals which put your cyber security at risk. These hackers create these traps to capture account numbers and steal personal information.
This weekend is a perfect time for hackers to strike as with online sales peaking it will be easy for them to go unnoticed. An example of a hack that could happen is what happened to Target; increased shopping translates into more credit card details to steal.
Some 90% of people say they use their smartphones to check comparisons and reviews in store. What this means is shoppers are also looking for Wi-Fi to connect to in order to save them from using their data plan. While many stores do legitimately offer Wi-Fi for their customers, so do cyber criminals.
While the fake Wi-Fi hotspots target shoppers in bricks and mortar locations, the fake apps disguised as reputable brands target people shopping from home. As a result, consumers can lose money directly and businesses can lose a customers trust; 1 out of 10 Black Friday-themed mobile apps have been marked as malicious or fraudulent.
A different type of threat that we have seen recently that may also be appealing to hackers is a DDoS attack. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners knowledge. When a server is overloaded with connections, new connections can no longer be accepted. This, after all, will end up completely crashing a website for periods of time. Some of these hackers might see the busy sales period as an opportune time to showcase their capability or cause widespread disruption by targeting retailers.
DDoS extortion may be carried out because this weekend is such an important weekend for retailers. Hackers basically hold websites hostage not allowing anyone to connect to them looking for a ransom to be paid in bitcoin in exchange for the website to be returned to service.