One of the biggest shopping periods of the year is fast approaching. Black Friday and Cyber Monday deals will soon begin to surface, and the made-up holidays are expected to break all sorts of records this year despite the COVID-19 pandemic.
Cyber Monday began "officially" in 2005 (it was made up by a marketer), but the phenomenon goes back to the beginning of online shopping, before personal computers and broadband connections were a fixture in homes. People would return to work on the Monday after Thanksgiving and shop from their office computers.
With the increase in fast home internet connections, not to mention the millions of people working from home in 2020, the distinctions between Black Friday and Cyber Monday are more blurry than they once were. But retailers are still marking them both with individual sales.
Of course, as the popularity of Cyber Monday grows and the deals get bigger and better, the risks of shopping online also increase. Cybercriminals love Cyber Monday too, and they work hard to get rich off the huge number of people engaging in online commerce around the holidays.
"Our inboxes are filling up with offers, and it's easy to slip something malicious into the volume of unsolicited emails during this time of year," said Don DeBolt, director of operations at the ThreatSpace division of Milpitas, California-based security company FireEye.
"Due to the sheer volume of people shopping on Monday, [it also] makes for a great time to insert a malicious advertisement into an established ad network," DeBolt said. "This type of attack is known as 'malvertising' and results in the attacker taking you to a website of their choosing when your browser loads the malicious advertisement.
"Computer users have little control over this attack if they are not using an ad-blocking application, so it is highly recommended that an anti-malware product is used to best protect against this kind of attack."
In 2019, we saw reports that cybercriminals have created up to 100,000 fake online-shopping websites, made up to look like well-known websites and with similar web addresses, to lure in shoppers and hit them with scams. And Macy's. one of America's biggest retailers, disclosed that its website had been infected with credit-card-stealing malware.
To help shoppers stay safe and secure on Cyber Monday, here are some tips.
Shop from a secure computer
A computer or Android phone that isn't protected by the best antivirus software is more likely to be compromised by malware. Otherwise, all data entered into or transmitted from that phone or computer is at risk, including all forms of personally identifiable information, credit-card numbers and bank accounts. Be sure to keep the operating system and all internet-facing apps updated to the latest software versions.
Shop using a secure connection
Data can be at risk during transit if an attacker controls the network or uses packet-sniffing software. Web protocols such as HTTPS encrypt communications, but in some advanced attacks even those could fall to a "man-in-the-middle" attack.
You should always look for the HTTPS lock symbol in your browser address window when performing an online purchase. But it's not a guarantee that the site is genuine — many malicious sites now use encrypted connections too.
Search for deals on retailer sites, not on search engines
Scammers "poison" search results with malicious or deceptive links. Searching for the best iPad deals? Run a search on the Best Buy, Amazon or GameStop sites rather than on Google.
Use trusted vendors
Any website can be attacked by hackers, but limiting your shopping to established and trusted vendors limits your exposure. Bookmark the most trusted online retail sites to make sure you don't get redirected to fakes.
Check each website's URL
This may seem obvious, but you'll want to check each retail website's address, aka URL, in your browser's address bar.
Scammers who want to steal your credit-card number or personal information will "clone" well-known shopping sites and park them at web addresses that are often just one mistyped letter away from the real thing.
Don't fall for 'too-good-to-be-true' deals
Cyber Monday features a lot of incredible, legitimate deals offered by trusted mainstream retailers. But cybercriminals will prey on shoppers' desire for the lowest prices and will try to slip in a lot of fake deals.
Watch out especially for emails, text messages, pop-up browser windows and Facebook and Twitter posts promising fantastic savings, especially if the link is a shortened URL — you really don't know where those will lead you.
Clicking on links in the messages or posts could lead to scams, phishing sites or sites distributing malware. And don't open attachments in emails promising fantastic deals.
Plan ahead and don't be rushed
Cyberattacks take but a split second to occur. Sometimes all that's required is clicking on a link in an email. Look for clues to malicious links, such as an extra ".cc" at the end of what would otherwise be a trusted domain name. Take the time to make sure you're on the correct website.
Review credit-card and bank statements regularly during the shopping season
Malware can infect credit-card readers in stores as well as online retail websites, and unscrupulous cashiers often steal card numbers as well. If you find a transaction that doesn't match your purchases, your account may have been compromised. If so, contact your bank or card issuer.
Use only credit cards online
You've got far less protection against fraud on a debit card than you do with a credit card. Stick to credit cards (including American Express) when shopping online. If you absolutely must use a debit card, use the prepaid kind with a set spending limit.
When the site asks if it can save your credit-card number for next time, decline the offer. You'll have to type the number in again next time you visit (unless you use one of the best password managers), but you'll have one less thing to worry about when the site gets hit by a data breach.
If a website wants you to pay with a gift card instead of a credit or debit card, that's a huge red flag. Don't shop there. And if a site wants you to pay with a direct transfer from your bank account, that's even worse. Run away.
Use unique passwords and logon information for every site you visit, or don't create an account at all
Yes, it's a pain to remember all those passwords. But if one of them is stolen, a cybercrook will try using it on other websites. Passwords should be as long as possible and contain a mix of upper- and lower-case characters, numbers, punctuation and symbols.
However, if you're just making one or two purchases on a retail website — one you trust, of course — there may not be a need to create an account. Most websites let you shop without one, and one less online account is one less to worry about.
If you're shopping from a tablet or smartphone on Cyber Monday, use a trusted vendor's app, not a web browser
Vendors have more control over their own apps than they do over mobile browsers, which often don't display the web addresses of the sites to which you're giving your credit-card information.
Never install software on your mobile device from a website link or code
Software from locations other than the device's official "store," such as Apple's iTunes App Store or the Google Play Store, has a greater chance of being malicious. Even then, check to make sure that the app developer is the official retailer — a lot of Amazon-related apps in Google Play have no connection to Amazon.