The day after Thanksgiving in the U.S. is one its biggest shopping days as retailers do their best to attract customers to their online and offline stores. Shoppers, looking for the best bargains, know that swift action can often get them the rarest of deals.
Of course, malware attackers know this and, thus, create Black Friday phishing attacks that not only cater to a shoppers’ greatest urges but also to their lack of focus on their online security best practices. As a gift to readers, the BluVector Threat Research Team offers a few reminders to ensure that you shop safely on Black Friday.
- Do be aware phishing attempts increase significantly at this time of year. Phishers know that this time is extremely busy and often stressful, both at work and personally. They hope that this means that due to time pressure, you will use less caution and be more susceptible to phishing attempts.
- Don’t click on links in unsolicited emails (especially those in URL shorteners), even those that appear to come from senders you know.
- Do remember your financial institutions will not send you emails asking for information they already have, such as your Social Security Number (SSN).
- Don’t automatically open any attachments in unsolicited emails. Malicious attachments may not be the file type they appear to be.
- Do pay close attention to the spelling and grammar in the subject and email body, poor quality phishing emails often contain multiple, obvious errors.
- Don’t use the same password for multiple accounts or sites, especially ones that give you access to financial accounts.
- Do be aware of the sender’s email address, even if the sender’s name is known to you, particularly if the email domain is a from a free provider, such as gmail.com.
- Don’t ignore any warning messages document files show, such as enabling macros. Read the message carefully before answering and only allow actions you know are required. Malicious documents will often contain text telling you it is necessary to override warning messages.
- Do hover over any links you are considering clicking in any email and ensure the link displayed matches the one in the email. If there are any doubts, manually type the link address into your browser.
- Don’t take as fact what an email is telling you. If an email states that your banking account is locked and needs immediate action, check by visiting the actual site by typing the site’s address manually into your browser and logging in. Alternatively, find the customer support phone number on your financial card or the legitimate website and call to confirm.
- Do spread the word of phishing awareness. Knowledge is the best weapon against phishing.
- Don’t forget, phishing is not limited to email. Phishing can also be delivered by social media, text messages and even voice calls.
Enjoy your shopping journey this Black Friday and stay safe as online attackers are always watching to see how they can get into your devices and accounts.