November 23, 2018

Fake Discounts and Phishing: It’s Black Friday, Run for the Hills

A 200% increase in phishing sites can be expected

By CBR Staff Writer

It’s Black Friday and if you’re planning a shopping spree on this US-inspired discount day, there are umpteen malevolent forces out to get you – and not just the retailers who think you have “sucker” written on your forehead.

(Last year consumer group Which found that a bald 60 percent of UK “deals” were either cheaper or the same price on either side of this day of apparent bargains; consumers should take “huge discounts” with a large pinch of salt).

Perhaps more pertinently, it’s also a ripe opportunity for phishing and other scam artists keen to prey on those not paying attention to their cybersecurity.

The National Cyber Security Centre was among those warning shoppers to beware as a result, today publishing seven tips (see below) to ensure your online retail experience is as secure as possible, while cybersecurity companies lined up to issue warnings.

With a survey by security certificates specialists Sectigo this week finding that otherwise established retailers like Dorothy Perkins, Topshop and Selfridges are all running insecure websites, without encrypted connections via HTTPS (Hyper-Text Transfer Protocol Secure), there’s work to be done on raising awareness.


The evidence also bears out claims that phishing surges this time of year.


Dave Kennerley, Director of Threat Research, Webroot, said in an emailed comment: “When we examined data from 2017, we found a 58 percent increase in traffic on Cyber Monday compared to the average for the entirety of November.”

He added: “Between November 19th and December 5th, there was an average of 203 percent more phishing sites detected per day compared to 30 days prior, with a notable peak around November 27th. We can expect that phishing will still be rampant throughout the 2018 festive period and both businesses and consumers must be aware that the data they have is valuable to bad actors and they will be targeted.”

Phishing: Don’t be a victim…

Kaspersky Lab, meanwhile, conducted some research into how cybercriminals are targeting shoppers and found that:

  • There were 9.2 million attempted attacks by the end of Q3, 2018, compared to 11.2 for the whole of 2017
  • Half of all online shops attacked were well-known consumer apparel brands including fashion, footwear, gifts, toys and department stores
  • Over three million sets of e-commerce credentials were found up for sale on a marketplace easily accessible through the Google search engine
  • Betabot was found to be targeting 46 different brands, including 16 different consumer apparel brands, four consumer electronics brands and eight entertainment/gaming brands; with most of those affected in Italy (14.13% of users affected by any malware were targeted by this threat), Germany (6.04%), Russia (5.5%) and India (4.87%).
  • Gozi was found to be targeting 36 brands, including 19 consumer apparel and three consumer electronics brands; with most of those affected in Italy (19.57% of users affected by any malware), Russia (13.89%), Brazil (11.96%) and France (5.91%).

The NCSC’s 7 Tips to Staying Safe

1: Use strong passwords

Secure your important accounts with a good password – you should have a strong password for your email, that you don’t re-use anywhere else, so anyone who successfully hacks your email won’t also be able to log into your bank account.

2: Turn on two-factor authentication (2FA)

To secure any online account even further, you can turn on two-factor authentication (2FA), which allows the service you’re using to double-check that you really are the person you claim to be when logging in.

3: Use a password manager

Numerous different complex passwords can be hard to remember, so consider using a password manager. While some online retailers and banks recommend against this, they’re wrong to do so: the NCSC recommends them.

4: Take care with links in emails and texts

Stay alert. Fake websites proliferate. Only shop on sites that you trust and report phishing emails to Action Fraud. There’s plenty of information out there about how to spot a phishing scam including this from Which?

5: Don’t give away too much information

You don’t normally have to give out your mother’s maiden name or the name of your primary school to buy something. Be cautious if they ask for details that are not required for your purchase.

6: When things don’t feel right

Scams are increasingly sophisticated. Occasionally though, you’ll just get the feeling that something isn’t right, the NCSC says. It’s unusual advice from an organisation typically more precise with its advice, but “trust your gut” is the guidance.

7: After sales care

Be vigilant for any suspicious activity on your bank account after shopping. This is the quickest and easiest way of identifying if you’ve been a victim of a scam. Check your bank statements regularly, the NCSC recommends.

