As Black Friday approaches, the anticipation among shoppers looking for unbeatable deals grows. But this global shopping phenomenon also creates a hotbed for cybercriminals, who exploit the surge in online transactions.
With a notable rise in phishing and social engineering attacks, businesses and consumers must remain vigilant to navigate these perils, said BCX Cyber Security managing executive Garith Peck.
“Phishing and social engineering attacks are not new, yet their tactics have become increasingly sophisticated. Typically, phishing involves cybercriminals masquerading as legitimate entities ‒ such as banks and retailers ‒ to extract sensitive information from victims.
“These attacks often manifest as urgent emails from seemingly trusted senders, urging recipients to click on malicious links or download harmful attachments,: said Peck.
Social engineering takes deception a step further by manipulating human psychology. Attackers may impersonate customer service representatives or colleagues, leveraging cognitive biases like fear or urgency to compel victims into disclosing confidential information. Techniques such as vishing (voice phishing), smishing (SMS phishing) and pretexting add a personal dimension that makes victims more susceptible to manipulation.
“The craftiness of phishing and social engineering attacks has surged. Thanks to advancements in artificial intelligence, attackers now automate and customise their schemes more adeptly than ever. AI systems can scrape public data, crafting emails that appear meticulously tailored to individuals. Even natural language generation allows cybercriminals to mimic the tone and style of a victim’s colleagues, enhancing the legitimacy of phishing attempts,” Peck said.
Deepfake technology presents a new frontier in cybercrime; hackers are using high-quality voice mimicry to impersonate executives. In one revealing case, an executive was fooled into approving a large wire transfer after being misled by a voice clone so realistic it sounded precisely like their own. Such incidents illustrate the increasing difficulty in detecting these imitative attacks, which often bypass standard verification processes.
“The nature of Black Friday shopping ‒ with its urgency and high transaction volume ‒ creates the perfect storm for cybercriminals.
“Phishing emails may masquerade as urgent notifications about limited-time deals or shipping updates, luring recipients into a trap. Attackers may engage in typosquatting, designing fraudulent websites that closely resemble legitimate retailers, allowing them to harvest sensitive data before shoppers realise the deception.” Peck said.
“Vishing and smishing episodes are likely to increase as criminals impersonate customer service agents, seeking personal information from consumers over the phone or via SMS. This turmoil makes it easier for attackers to succeed, particularly during a time when many shoppers are preoccupied with the day’s bargains.
Peck said to combat these escalating threats, businesses must embrace a multi-pronged cybersecurity approach:
AI-powered threat detection: Investing in AI systems is crucial. Advanced systems can analyse data, detecting phishing emails in real-time by recognising warning signs such as suspicious sender addresses and unusual content.
Multi-Factor Authentication (MFA): Implementing MFA for sensitive accounts offers an additional layer of defence, ensuring that even compromised credentials cannot provide access without verification.
Employee training: Regular training focused on recognising phishing attacks is vital, using simulated phishing activities to sharpen employee skills.
Endpoint protection: All devices, especially those used for remote work, should be secured to detect and block malware, enforce security patches, and manage access to sensitive systems effectively.
Data encryption: Ensuring sensitive information is encrypted both at rest and in transit is a foundational element of a robust cybersecurity posture.
Customer education: Clear communication about the risks of phishing should be shared with consumers, especially during peak shopping times like Black Friday.
In a landscape where phishing and social engineering have become increasingly targeted and sophisticated, companies must adapt their cybersecurity strategies accordingly. Traditional defence measures are insufficient against the complexity of modern threats.
“Cybersecurity is a collective responsibility that demands cooperation between IT teams, leadership, employees, and customers alike. By fostering a culture of awareness and vigilance, organisations can better prepare themselves against the evolving realm of cyber threats, ensuring resilience in a time of unprecedented online vulnerability.
“As the frenzy of Black Friday shopping emerges, understanding the risks associated with online transactions has never been more critical. Protect yourself and your business by staying informed on how to avoid falling prey to the growing threat of cybercrime.” Peck said.