Ahead of Black Friday and Cyber Monday, the Cybersecurity and Infrastructure Security Agency (CISA) warn that the cyber landscape is becoming more volatile than ever, as scammers cash in on the surge in shopping activity.
As cyber criminals level up their tactics, over 250 retailers have already been exploited by “Freebie Bots” — a new software program that automatically snaps up mispriced goods — while countless consumers have been duped by spoof websites posing as legitimate brands.
But fortunately, as the ecommerce landscape transforms into the wild wild west, there are ways to stay safe online. Read on to learn about these emerging cyber threats, and for information on how to avoid them.
“Freebie Bots” Are Cashing in On Retail Errors
Bot armies have been plaguing the internet for some time, but according to the security specialists Kasada, a new type of bot has recently emerged, and it's specifically targeting retail businesses.
The emerging scamming software, known as “freebie bots”, began circulating the web ahead of this year's Black Friday and Cyber Monday holidays. They work by automatically scanning retail websites for mispriced items, before purchasing them in bulk and selling them for profit.
“Adding Freebie Bots to the mix gives retailers another headache to deal with, one that directly hits their revenues, as they’re compelled to fulfil orders made with pricing errors” – Researchers from Kasada
And the impact freebie bots are having on businesses are pretty severe. After being exploited by these scam bots, retailers are under obligation to fulfil the orders. In addition to missing out on profits (which can be substantial), this can also increase infrastructure costs and damage a brand's reputation.
According to Kasada, freebie bots have used this technique to purchase over 100,000 products from 250 businesses in the past month, with a combined retail value of $3.4 million.
Spoof Websites Try and Scupper Black Friday Shoppers
Bots aren't the only cyber threat you need to be wary of this Black Friday. As consumers flock to the internet for big deals, a number of fake websites have also begun popping up posing as legitimate retailers.
These bogus sites, which tend to imitate well-known brands like Louis Vuitton, email potential victims directly, promoting discounts and one-time offers with catchy subject lines like “Sale starts at $100. You’ll Fall In Love With Prices.”
While spoof websites have existed since the beginning of the internet, researchers at Check Point explain they've been proliferating in the run-up to the holiday season, catching out more consumers than ever.
The rise in these phony sites chimes with the sudden surge of spam, and phishing messages, which have increased 10% over the past two weeks, according to Google Workspace Trust & Safety Manager, Nelson Bradley.
So, with the tactics of cybercriminals becoming increasingly underhand, how can consumers and retailers avoid being duped this holiday season?
How Can You Stay Scam-Free this Black Friday?
Its typical for consumers to become increasingly distracted this type of year. But with cybercriminals being on their A-game, CISA Director Jen Easterly recommends following a series of measures to be safe, including shopping from trusted sources, using safe purchasing methods, as well as using basic tools like multi-factor authentication.
“Your cyber safety should be treated like your physical safety. Stay vigilant, take steps to protect yourself, and trust your instincts. If you see something that doesn’t look right, there’s a good chance it isn’t.” CISA Director, Jen Easterly
And for businesses, educating yourself on the tactics and tools used by criminals is a sure fire way to keep one step ahead. This should, of course, be implemented alongside a robust cybersecurity strategy that relies on a range of useful tools from virtual private networks (VPNs) to password managers.