Type the phrase “Cyber Monday” into Google, and you’ll find links not only to special Cyber Monday coupons and savings, but also to Cyber Monday-only sales at some of the largest online retailers. It’s truly become the internet’s version of Black Friday.
Cyber Monday began “officially” in 2005 (it was made up by a marketer), but the phenomenon goes back to the beginning of online shopping, before personal computers and broadband connections were a fixture in homes. People would return to work on the Monday after Thanksgiving and shop from their office computers.
This year, 46 percent of Thanksgiving weekend shoppers are expected to shop online on Cyber Monday, according to the National Retail Federation, although many of us will be shopping from the comfort of our living-room sofas. Cyber Monday has gone mobile as well, with about half of online shoppersexpected to make holiday purchases from their smartphones or tablets, according to Adobe Analytics.
Of course, as the popularity of Cyber Monday grows and the deals get bigger and better, the risks of shopping online also increase. Cybercriminals love Cyber Monday too, and they work hard to get rich off the huge number of people engaging in online commerce around the holidays.
“Our inboxes are filling up with offers, and it’s easy to slip something malicious into the volume of unsolicited emails during this time of year,” said Don DeBolt, senior technical director at Milpitas, California-based security company FireEye.
“Due to the sheer volume of people shopping on Monday, [it also] makes for a great time to insert a malicious advertisement into an established ad network,” DeBolt said. “This type of attack is known as ‘malvertising‘ and results in the attacker taking you to a website of their choosing when your browser loads the malicious advertisement.
“Computer users have little control over this attack if they are not using an ad-blocking application, so it is highly recommended that an anti-malware product is used to best protect against this kind of attack.”
To help shoppers stay safe and secure on Cyber Monday, here are some tips.
Shop from a secure computer
A computer or Android phone that isn’t protected by antivirus software is more likely to be compromised by malware. Otherwise, all data entered into or transmitted from that phone or computer is at risk, including all forms of personally identifiable information, credit-card numbers and bank accounts. Be sure to keep the operating system and all internet-facing apps updated to the latest software versions.
Shop using a secure connection
Data can be at risk during transit if an attacker controls the network or uses packet-sniffing software. Web protocols such as HTTPS encrypt communications, but in some advanced attacks even those could fall to a “man-in-the-middle” attack. Nonetheless, always look for the HTTPS lock symbol in your browser address window when performing an online purchase.
Search for deals on retailer sites, not on search engines.
Scammers “poison” search results with malicious or deceptive links. Want that latest game console? Run a search on the Best Buy, Amazon or GameStop sites rather than on Google.
Use trusted vendors
Any website can be attacked by hackers, but limiting your shopping to established and trusted vendors limits your exposure. Bookmark the most trusted online retail sites to make sure you don’t get redirected to fakes.
Don’t fall for ‘too-good-to-be-true’ deals
Cyber Monday features a lot of incredible, legitimate deals offered by trusted mainstream retailers. But cybercriminals will prey on shoppers’ desire for the lowest prices and will try to slip in a lot of fake deals. Watch out especially for emails, text messages, pop-up browser windows and Facebook and Twitter posts promising fantastic savings. Clicking on links in the messages or posts could lead to scams, phishing sites or sites distributing malware. And don’t open attachments in emails promising fantastic deals.
Plan ahead and don’t be rushed
Cyberattacks take but a split second to occur. Sometimes all that’s required is clicking on a link in an email. Look for clues to malicious links, such as an extra “.cc” at the end of what would otherwise be a trusted domain name. Take the time to make sure you’re on the correct website.
Review credit-card and bank statements regularly during the shopping season
Malware can infect credit-card readers in stores, and unscrupulous cashiers often steal card numbers as well. If you find a transaction that doesn’t match your purchases, your account may have been compromised. If so, contact your bank or card issuer.
Don’t use debit cards online
You’ve got far less protection against fraud on a debit card than you do with a credit card. Stick to credit cards when shopping online. If you absolutely must use a debit card, use the prepaid kind with a set spending limit.
Use unique passwords and logon information for every site you visit
Yes, it’s a pain to remember all those passwords. But if one of them is stolen, a cybercrook will try using it on other websites. Passwords should be as long as possible and contain a mix of upper- and lower-case characters, numbers, punctuation and symbols — and they shouldn’t be reused, especially for any website that handles your money. If you have trouble handling them all, use a password manager.
If you’re shopping from a tablet or smartphone on Cyber Monday, use a trusted vendor’s app, not a web browser
Vendors have more control over their own apps than they do over mobile browsers, which often don’t display the web addresses of the sites to which you’re giving your credit-card information.
Never install software on your mobile device from a website link or code
Software from locations other than the device’s official “store,” such as Apple’s iTunes App Store or the Google Play Store, has a greater chance of being malicious. Even then, check to make sure that the app developer is the official retailer — a lot of Amazon-related apps in Google Play have no connection to Amazon.