Fortinet
Fortinet

Another year, another whirling holiday shopping season—and another opportunity for cybercriminals. But, this holiday shopping season could pose more challenges than years past. Shoppers are expected to descend upon e-commerce as many sought-after items could be in high demand. As a result, both consumers and retailers must be especially wary of opportunistic scammers who will offer too-good-to-miss deals in order to steal sensitive information and profit off their victims’ losses.

Cybercriminals will be especially active this year, ready to launch an attack wherever they see an opening. From phishing scams to malicious applications, they’re waiting for unsuspecting shoppers to be lured into their traps—which means the best way to mitigate your risk is by remaining on high alert.

More People Shopping Online Still

As a result of the pandemic, many shoppers have switched to e-commerce as the method of obtaining the clothing, electronics, household items, toys, and other gifts they seek. And while we have seen a steady increase in online shopping over the years. This year’s holiday shopping could beat previous records.

Meanwhile, in the background, cybercriminals are simultaneously planning their attacks. And they’re expecting opportunities related to holiday shopping to be equally profitable.

Tips For Shopping Safely Online

This year, shoppers should prepare for both traditional online shopping risks as well as new timely e-commerce threats. We’ve outlined some of the most important ones below, along with some best practices to avoid falling victim to them:

Common Threats

  • Public WiFi: Shopping at home on a private network is one thing. However, you may want to think twice before making online purchases using a public WiFi connection from a coffee shop, mall, or grocery store. Cybercriminals more frequently hack these networks to intercept your data. They may even camp out in public areas, broadcasting a hotspot labeled “Free Public WiFi” that, when an unsuspecting visitor connects, can be used to capture all of the traffic moving between the device and an e-commerce site (or any website, really). Avoid public WiFi if possible unless you have a secure VPN connection and wait until you are home to connect to a secure, trusted network.

  • Fake E-Commerce Sites: Plenty of fake shopping sites emerge during the holidays, designed to lure consumers into providing credit card or personal information by offering impossible-to-beat deals or access to hard-to-find items that, in reality, don’t exist. If you’re visiting an e-commerce site for the first time, do some research to verify its legitimacy before making a purchase. Look up reviews across the internet, make sure the company has a physical address and phone number listed, and stay away from sites that require direct payments from your bank, wire transfers, or ask for gift cards as a form of payment.

  • Credit Card Skimming Software: Credit card skimmers aren’t limited to physical retail stores—they can be found online, as well. Point-of-sale (POS) RAM scraping malware has become increasingly popular among cybercriminals in recent years. First, attackers must gain access to a point-of-sale system, such as a shopping cart application. They then infect the host with malware designed to scrape credit card data from the source. The transaction still goes through, but all of the credit card information is also collected. As a consumer, it’s not always easy to avoid credit card skimmers but the majority of large, reputable retailers now have measures in place (like a web application firewall) to prevent them.

Emerging Threats

  • Web-Based Malware: Consumers should be mindful of suspicious websites or advertisements that direct them away from whichever trusted site they’re browsing or that lure them with enticing deals. In some cases, all it takes is a momentary visit to a malicious webpage to infect your device.

  • IoT and Router Attacks: While not directly related to Cyber Monday, exploit attempts against consumer-grade routers and IoT devices continue. Many people are still working remotely this holiday season. Those who may be looking to upgrade their home offices or other at-home technology should take network security into consideration before making purchases. While hacking the data on your smart thermostat, for example, isn’t really the problem (threat actors aren’t really interested in how warm you keep the house in the winter), they could employ reconnaissance hacks to discover your passwords for your corporate WiFi network or your login credentials for automatic online purchases.

  • Hijacked Online Services: We continue to see cybercriminals exploit streaming entertainment accounts. Oftentimes, account information is stolen and then listed for sale on Dark Web black market sites. If you’re gifting a streaming subscription to a family member or signing up to take advantage of a Cyber Monday promotion yourself, remember to monitor remote usage, such as notices about unfamiliar logins to your subscription service, and contact the provider if you notice any suspicious activity.

Safe Shopping Habits

The best way to avoid falling victim to a Cyber Monday attack is to practice safe online shopping habits. Use common sense when browsing online and stick to trusted retailers for holiday deals and promotions. And when you make those purchases, keep in mind that credit cards offer built-in consumer fraud protection!

While the ability to purchase goods, send gifts, and connect to loved ones over digital networks has been incredibly valuable over the course of the pandemic especially, it’s important to understand that these conveniences are not free of risk. Rather than getting caught up in the rush and excitement of Cyber Monday shopping, take a moment this year to pause and revisit cybersecurity best practices. And don’t forget to pass on your knowledge to your friends and family, as well. This way, we can all enjoy a safe and relaxing holiday season.

Learn more about Fortinet’s free cybersecurity training , an initiative of Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute, to help you be more cyber aware, or about the Fortinet Network Security Expert program , Security Academy program , and Veterans program .