Most shoppers will know Cyber Monday as the digital cousin of Black Friday, the first day of the Christmas shopping season. But what most people won't be aware of are the very real security threats that the online shopping extravaganza has created for shoppers.
Black Friday, the last Friday in November and the day after Thanksgiving, sees Christmas shoppers camping out overnight outside department stores and brawling over holiday deals when the doors finally open. Cyber Monday is the same thing, but online. The term was first coined in 2005, and since then the Monday after Thanksgiving has led to over $1 billion (£613.2 million) being spent online in just that one day each year.
This is a massive opportunity for online retail, but unfortunately it's also a boon for the more opportunistic elements of the criminal underworld. Yes, spammers and hackers are firing up their botnets and logging phishing site domains in an attempt to lure honest online deal-hunters into their traps.
So what should you look out for? We've elaborated on the top 5 dangers highlighted by Troy Gill, senior security analyst at AppRiver.
1. Spam email
This old chestnut has been a thorn in Internet users' sides since the early days of the web. Gone are the days of the woe-struck Nigerian prince with adorably poor spelling, though. Phishers and social engineers have since become adept at faking legitimate messages from shipping companies like FedEx and UPS, and from online payment portal PayPal. These tactics are so effective they're used all year round, but in the lead-up to Christmas, they can be particularly lethal. Since everyone has something in the post, the hackers' chances of stealing personal details from Internet users go up dramatically.
2. SEO Poisoning
Yes, SEO – that friend of legitimate business and page view-hungry web admins alike – has been turned against honest Internet users by savvy scammers. Cyber-criminals use a technique known as "SEO poisoning" to tilt search results in their favour. Shoppers searching for common or predictable keywords like "Cyber Monday deals," "iPad Air," or "Google Nexus 5," might find themselves lured into a hacker's insidious web.
Shoppers should be wary of visiting any site they don't know and trust. You should be suspicious, for instance, if Google is suggesting you go to someone's personal blog to find a deal. Hackers will often hijack personal blogs to act as lures to unwary shoppers. Stick to retail sites like Amazon, and the official sites of vendors like Currys and PC World, and you should be fine.
If you're unsure about a search result, you can also hover your mouse over the link, and the URL will appear in the bottom left of your screen.
3. Fake e-cards
Like emails from UPS and PayPal, fake e-cards are a problem for spam filters all year round – however, with the advent of the holiday season, these little suckers become an order of magnitude more effective. As with any communication, be suspicious of any cards sent from unknown email addresses, and even if the card is from a trusted sender, don't open any attachments or follow any links suggested by the card. Remember: it's entirely possible for a virus to send email from another person's account without them noticing. The link or attachment could contain malware, spyware or even ransomware. Was that animated snowman really worth it?
4. Shopping on unsecured networks
As researchers from Firstbase Technologies recently demonstrated, it's all too easy to steal people's data from public Wi-Fi hotspots. So-called "evil twin" attacks can see hackers route all hotspot traffic through their laptop or smartphone, and packet sniffing software can detect and capture all data being passed to and fro. It's not just usernames and passwords – bank details are captured all too easily in this kind of attack. So be warned – if you're doing any shopping online, make sure it's at home, or on a secure Wi-Fi network.
5. Counterfeit products
Simple rule: if it's too good to be true, that's because someone's trying to rob you. If you see an iPad Air or any other newly-released product for half its normal retail price, be very suspicious. Make sure to shop with reputable retailers, and do some research. If you're not sure, Google the name of the site, with "scam" after it. Chances are, if it's not legit, there will be a number of pretty angry people venting their spleen about it online.
You can also educate yourself on scams by checking out the Australian government's useful Scamwatch website.
As always, if you suspect that you have been the victim of fraud, contact the police's anti-fraud hotline at www.actionfraud.police.uk.
You can also stay ahead of the game by following the police's Action Fraud on Twitter at @actionfrauduk.
Image: Flickr (rbanks)