Cyber Monday is right around the corner and this means employees will be shopping online at work. To prepare for the busiest online shopping day of the year, companies need to remind employees of how to be safe online.
It’s very easy for even the most cyber-aware employees to get caught up in the rush of online holiday sales and promotions. Retailers know that shoppers want deals and start their Cyber Monday push in late October.
A recent National Retail Federation survey highlights that 164 million people plan to shop during the five-day Thanksgiving weekend, with 75 million people expected to do their shopping on Cyber Monday.
Cyber criminals are also acutely aware of how profitable Cyber Monday and the holiday shopping season is. At this time of the year there is a rise in spoofed websites, phishing emails, fake social media sales promotions, and malware attacks.
It takes just a few statistics to emphasize why companies must support employees with cyber security training and awareness:
- 64% of organizations report an increase in cybercrime on Cyber Monday
- 336% increase in phishing emails and links during the Thanksgiving holiday season
- 30 million malicious social media posts during the holiday shopping season
This is the ideal time for companies to discuss and promote cyber security awareness. In the weeks leading up to Black Friday and Cyber Monday, encourage employees to take our free and interactive Protecting Your Home Computer course and keep cyber security awareness top-of-mind.
Online Shopping Cyber Threats
Cyber criminals rely on savvy social engineering techniques to prey on our lack of attention and inherent trust-worthy nature. When employees are shopping online at work, not only are they multi-tasking but they’re also trying to do their shopping as quickly as possible.
This creates the ideal scenario for cyber criminals and makes it easier for them to trick employees with spoofed websites, fake online Cyber Monday advertisements, tempting but malicious social media promotions, and phishing emails containing dangerous links and attachments.
Make sure employees are aware of how cyber criminals take advantage of Cyber Monday:
- Email Offers that come from companies that people don’t recognize. Often these emails include tempting sales offers for popular and hot holiday products. Shoppers are keen to get the deal and end up installing malware or shopping on a spoofed website where their credit card data is stolen.
- Spoofed Websites that mimic popular online shopping websites act as a front for cyber criminals to steal. Not only is the Cyber Monday shopper tricked into spending money on a product that never arrives but also in providing confidential information to cyber criminals that is then used to commit further cybercrimes.
- Social Media Promotions on Facebook, Instagram, Twitter, Messenger, and other popular social tools are on the increase. Cyber criminals monitor popular product hashtags on social media and then use this information to place targeted promotions. For example, a popular children’s toy is promoted by a recognized brand as #starwarslego. Cyber criminals then use this hashtag on their malicious social media promotions and might even use a Twitter or Instagram account name that closely resembles the legitimate brand. Shoppers are in a rush to make a purchase and do not notice that the social media account is faked or that the deal is too good to be true.
- Faked Apps are becoming more common with the rise in mobile shopping. Cyber criminals know which online store apps are the most popular and create fake apps that they promote on social media, in phishing emails, and on spoofed websites. Holiday shoppers think they’re buying from a legitimate app and don’t hesitate to provide their credit card or debit card information.
- Cyber Monday Sales Websites that are designed to draw shoppers in with major savings, holiday promotions, and special offers. These websites often feature very slick designs that easily convince people to buy and spend. When in reality, these websites are being used to collect personal data, to install malware, and to steal from shoppers. Some cyber criminals go a step further and send emails to shoppers after the holidays with additional website sales and promotions. Because the victim previously shopped on the website, they don’t question the validity of the email and are quick to click links and to spend more money.
To protect the company and employees from cyber security risks on Cyber Monday (and everyday), it’s important to maintain a consistent cyber security awareness campaign. Take advantage of newsletters, phishing simulations, posters, microlearning modules, and internal cyber heroes to raise awareness.
Eliminating Cyber Security Threats on Cyber Monday
According to Adobe Digital Insights, Cyber Monday 2019 will be the first $9B day in ecommerce revenue. This is a predicted 18.9% increase in online sales revenue from 2018.
These numbers underscore why companies must help employees be safe online when shopping and browsing for Cyber Monday deals. Remind employees of these safe online shopping best practices:
Shop Only On Trusted Retail Websites
Cyber criminals are reading the same articles as shoppers about the top Cyber Monday and holiday deals. Using this information, cyber criminals create phishing emails and online promotions that convince shoppers to buy from spoofed websites.
Remind employees to shop only from trusted online retail websites and to always verify the URL. For example, it’s easy to get tricked by amazonn.com and not notice the spelling error in the URL when the website looks like the legitimate amazon.com.
Don’t Use Search Engines to Find Cyber Monday Deals
Cyber criminals use the same search engine optimization techniques as legitimate brands to make sure their faked websites display in the search engine results. Using savvy and tempting language in the website descriptions and keyword stuffing, it’s easy for cyber criminals to direct online shoppers to faked Cyber Monday sales websites.
When searching for Cyber Monday and holiday deals, emphasize to employees how easy it is to be tricked by fake website or misspelled URLs. Urge employees to search for deals on known retailer websites such as Amazon, Best Buy, GameStop, or Indigo.
Look for HTTPS:// or the Lock Icon
As part of the corporate cyber security awareness campaign, be sure to include examples and images of what secure vs. non-secure websites look like. In company cyber security newsletters, posters, and gamification modules reinforce the importance of looking for https:// and the lock icon. As well, remind employees to double-check that the shopping cart checkout process is encrypted.
Carefully Review Social Media, Email, and Website Details
Everyone wants to save, and cyber criminals use social engineering techniques to capitalize on the desire to get a get a “good deal”. Often these deals are really too good to be true and end up doing deep damage to the employee and potentially the company.
Recognize that employees will be shopping at work on Cyber Monday and ask them to carefully review every offer, email, Tweet, text message, or website deal. In preparation for Cyber Monday, encourage employees to take part in phishing simulations, to update their passwords, and to take an extra 30 – 60 seconds to review the Cyber Monday deal details before clicking and to be safe online.
It doesn’t take much for cybercrime to happen on Cyber Monday or on any other day. Empower your employees with information about how easy it is to be tricked when shopping online, browsing the internet, or buying a coffee using a mobile app.
Having cyber aware employees helps you create a more secure and safe corporate environment year-round.