Ahead of the annual Black Friday shopping event, where consumers across the world spend billions of Euro on everything from clothes to computers, cybercriminals are ramping up their efforts to get a share of the take.
Last year, the wave of new malicious URLs gained speed in late August and September, and peaked in the two-month October and November recording period with 7.6 million detections. Following Black Friday, the number of detections fell by around 60 percent in December and January to the more usual bimonthly levels of 4.7 million.
The yearly surge of malicious URLs parallels the Google Trends data on Black Thursday searches – an accelerating climb starting mid October, hitting a peak in end November, then dropping off almost completely in December.
“It’s the age-old ‘what came first – chicken or the egg?’ question,” said Alexander Vukcevic, head of the Avira Protection Labs. “But in this case, we know that the shoppers came first, and the malware came close behind.”
On a national basis, Black Friday themed malicious URLs were detected in a number of countries such as France, Germany, and Italy in addition to the expected large numbers in the United States and the United Kingdom. “The range of detections shows how the ‘Black Friday’ term has become an international online phenomena,” explained Vukcevic.
Hidden within this yearly surge is the growing share of surfers that do their searching and shopping online from a mobile device compared to the traditional shopper at home on a computer. Last year, the share of online shoppers using their mobile devices rose from 29 to 40% of the total according to the Crito marketing company. This shift to mobile devices is also showing up in the threat landscape, pointed out Vukcevic. “Compared to 3 years ago, we are finding nearly 10x as many new mobile threats per month.”
Malicious URLs – whether for computers or smart phones — are web addresses designed to damage or infect the device looking it up. They are an intrinsic part of many phishing and malware distribution schemes. “The majority of malicious URLs are phishing for eshops, social networks, and banking sites,” he stated. “Quite a few phishing sites have variants for desktop and mobile, but the mobile sites are harder to visually spot as they are smaller and the malicious URL is often cut off or a series of hyphens added to move the suspect parts of the URL out of the picture in a technique called ‘URL padding.’”
The most variable risks are how the consumer goes out – are they shopping from home or on the road, are they on an open or secure network, how are they handling those pesky password details. “These are all areas where consumer decisions do directly impact their security,” added Vukcevic. With the threats from poisoned and malicious URL’s already prepared and in motion, consumers should be careful when shopping online. Here is some advice:
- Stay safe while performing a web search – Always check that the connection to the online store where the payment is done is secured. This can be observed first if the URL is starting with “https” and second if a small lock is present in the top left corner of the browser in the URL field (in Chrome) or the name of the website is written in a colored rectangle(in Firefox,IE). If the web browser gives any warnings about the security certificate of the website, then do not proceed to purchase anything from that website.
- Make sure the website has a good reputation – If you don’t know the website you plan to buy from, always check its reputation first. Search for comments from other users about that website. Searching for “<website> reputation” usually gives good and relevant results.
- Only give your financial details to reputable websites – Try to choose payment methods which don’t require payment upfront. If PayPal is an option, choose that whenever possible. Otherwise, if you’ve ensured the safety of the website you’re on and you feel good about its reputation, then pay with a credit card.
- If you must use a credit card, stay safe and secure – If you’re shopping on a mobile device or on a PC while on a public Wi-Fi and you have to use a credit care, you will want to take advantage of a good VPN product. With a VPN, you can browse the Internet anywhere (airport, office building, public Wi-Fi, etc.) and remain anonymous, unhackable and untraceable. If you’re on a mobile device (Android or iOS) or a PC or Mac, a VPN product will keep you safe from the bad guys that are always lurking.
- Always double check your bank accounts – To ensure the amount you spent on a website matches what your bank statement says, check your account often during the shopping season to make sure all amounts are in alignment. If there is a discrepancy, contact the website where you made the purchase.”
- Keep your browsing private! – If you’re browsing for an engagement ring, or a new car for your significant other, browse freely knowing that if they use your computer right after you are done, they will not be bombarded by advertisements for rings or cars or the last items you searched for. Private browsing is pretty important if you want to keep a little white lie during the holidays. Avira Browser Safety actually blocks any kind of tracking that websites might deploy on any Firefox browser and that will keep all your Black Friday shopping a secret from anyone who might use your device.