CybeReady announced five easy security tips to help holiday shoppers safely navigate Black Friday and Cyber Monday as holiday sales put employee data and corporate networks at risk. Coinciding with Black Friday, the company is also releasing its enhanced CISO Toolkit to provide complimentary tools with guidance on safe online shopping to help CISOs defend employee desktops, laptops, mobile devices, and connected corporate networks.
According to the FBI, “Every year, thousands of people become victims of holiday scams. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood.”
Shopping scams are notoriously active during Black Friday and Cyber Monday as millions of shoppers use their PC, laptop, or mobile device to scan for deals and make purchases. This presents a considerable risk to organizations with a large number of employees working remotely. These scams often focus on obtaining the victim’s financial information with methods that include phishing scams, advertising lures, push notification lures, and payment traps.
Black Friday and Cyber Monday phishing emails tend to showcase amazing deals. Oftentimes these offers use emotional tactics to lure consumers into clicking offers that don’t really exist. Consumers expect deals, so phishing emails on Black Friday focus on deals more than any other type of scam. Advertising lures entice the user to enter a fake website and provide credit card information. Payment traps force the user to submit their credit card information rather than using a digital wallet or payment service, allowing the capture of this sensitive payment information. Other factors weaken the buyer’s judgment, making the situation even more dangerous as limited-time deals make it difficult to dig into the details, and unknown senders frequently text and email the buyer, adding to the distraction.
So, when this unique shopping season arrives, it is critical to be hyper-aware of the increasing risks to personal finances and employer networks. In response, CybeReady is offering the following guidelines to help reduce the chance of a scam or other sinister attack achieving success:
Before Shopping:
- Always enter the URL for a merchant’s website yourself. Do not use a link from an ad or email. Use the brand’s official shopping application on your smartphone.
While Shopping:
- Check for the lock symbol next to a website’s URL to ensure it is a secure site.
- Use a third-party payment method that does not transmit credit card information to the seller (like PayPal or Venmo), or use a disposable card.
After Shopping:
- Visit the merchant’s website to see sales updates. Do not click links in emails or texts claiming to provide order updates.
- Keep an eye on your financial account for any unanticipated transactions.
Because some employees will inevitably use their corporate connected PCs, laptops and mobile devices to take advantage of short-term shopping specials, CISOs are also advised to implement additional safeguards during this time period. To assist security leaders, CybeReady is releasing its enhanced CISO Toolkit for the holidays, which provides complimentary tools to help communicate relevant security information to employees – quickly and effectively. Download the free CISO Toolkit here.
The enhanced toolkit provides an overview of security guidelines, policies and tips, offering easy-to-understand information to help avoid cybersecurity traps with guidance on:
- Holiday Shopping Security
- Zoom Security
- Online Privacy
- Password Security
- Fake News and Rumors
- Remote Work
- COVID-19-related Phishing Emails
- Security in Times of Crisis
- Sextortion – what employees need to know
- Tips for Worry-Free Vacations
“It is important to realize how good deals for employees can become a bad ordeal for your organization,” said CyberReady CEO, Eitan Fogel. “During the Holiday Season employees may be easily distracted and hackers are very aware of this, resulting in a significant increase in cyberattacks as the holidays approach. In response, it must be an all-hands effort to ensure security is a top priority.”
Source: CybeReady