Black Friday: How to deal with cyber-attacks

The end of the year, with Christmas approaching, is the busiest sales time of the year. Major shopping periods pose an additional threat to businesses and consumers as hackers become more active. The best example is Black Friday, a huge one-day promotion and a particular day when some stores generate up to a dozen per cent of their annual revenue. And as we feel the Xmas spirit and do more and more of our shopping online, we also expose ourselves to cyber-attacks. Phishing scams, fake websites and unsecured financial transactions threaten both businesses and consumers.

Most cyber-attacks are financially motivated. Financial losses, reputational damage, and legal penalties for non-compliance with regulations like GDPR are at stake. It is more important than ever for companies to take every precaution to stay safe during Black Friday. While hunting for the best bargain, we should always stay vigilant. Keeping an eye out for distinctive signs of scams, such as language errors in emails and product ads, suspiciously urgent messages, a lack of HTTPS security, or offers too good to be true, will help us expose the activities of cybercriminals.

Black Friday is an excellent opportunity for increasing cybersecurity awareness. A well-crafted campaign covering real-life and up-to-date examples of threats is highly beneficial for both employees and companies – points out Marcin Jung, Manager in the Global IT Security Officer Team at ERGO Technology & Services S.A.

Selected types of cyber threats


Blatantly low prices and irresistible bargains are the hallmarks. Many stores start communicating promotional prices for the upcoming holiday much earlier. Cybercriminals also take advantage of this situation by sending phishing emails to their victims. How to recognize them? It is not uncommon for these messages to impersonate well-known stores selling perfume, clothing, shoes, or electronics, gaining tremendous interest from Internet shoppers. Another technique is the distribution of messages pretending to be from popular courier companies. Often, they appear in users' inboxes, informing them that a shipment is being held up or that there may be a problem with receiving the package. The fake email persuades the victim to click on a misleading link, share personal information, or install an additional malicious application.


Ransomware is a category of malware designed to block access to a computer until the appropriate ransom amount is paid to the criminal's account. Typically, after infecting a computer, ransomware encrypts files, making them unavailable to the user. Once the encryption is completed, the victim receives instructions on paying the ransom to get the decryption key. As malicious actors use very strong encryption algorithms nowadays, the only practical way to get computer files back without paying the ransom is to restore them from the backup.


While online platforms make it easier for merchants and consumers to process transactions, they also give cybercriminals another avenue to carry out retail cybercrime. If goods are purchased from a fake site, the victim may never receive the purchased product, and the alleged seller may disappear with the stolen money. Therefore, before making a payment, take a moment to consider whether you are dealing with an honest seller and whether the payment methods offered are safe for you. Some online merchants may be unaware of credit card skimmers: malicious code placed on their sites to steal credit card and payment information.

How to stay safe?

Awareness is paramount. Avoiding being the victim of a cyberattack means having employee buy-in at every level, not just IT. To combat this, organizations should take every precaution to ensure that their staff are not the reason they are breached — this, in most cases, will take the form of cybersecurity awareness training. 

Why is it so important? Awareness training is a core aspect of most business security strategies today simply because it adds a hurdle for cyberattacks to navigate. Malicious actors rely on a law-of-averages approach when attempting to breach people and organizations — phishing scams only work once an end-user has clicked a link or interacted with it in some way. By training a workforce, businesses reduce the viability of social engineering scams against their employees in one fell swoop.
