Employers, IT managers and cyber criminals await 'Black Friday' and 'Cyber Monday'

Opinion by Dan Raywood

This week marks the arrival of the American holiday of Thanksgiving and perhaps more appropriate for this publication, the biggest and busiest online shopping weekend of the year.

This week marks the arrival of the American holiday of Thanksgiving and perhaps more appropriate for this publication, the biggest and busiest online shopping weekend of the year.

Given the names ‘Black Friday' and ‘Cyber Monday', they are the busiest four days for online shopping and email inboxes begin to fill with special offers.

Keith Crosley, director of market development at Proofpoint, said that as the volume of legitimate email marketing increases, the same happens with the volume of spam, phishing and other forms of scam email.

Crosley said: “Malicious email gets more sophisticated every year and it is getting harder and harder for the average consumer and even experienced security professionals, to differentiate between legitimate and fraudulent offers that arrive via email.

“Consumers need to be especially careful these days and the number one tip is to avoid clicking on links in email, which is a hard habit to break.”

Warning of the 12 most dangerous online scams that computer users should be cautious of this holiday season, what it dubbed the ‘Twelve Scams of Christmas', McAfee highlighted Apple iPad offer scams as the most dangerous, typically with Apple products topping most shopping lists this holiday season.

McAfee Labs found that in the spam version consumers are asked to purchase other products and provide their credit card number to get the free iPad, while in the social media version of the scam users take a quiz to win a free iPad and must supply their mobile phone number to receive the results. In reality they are signed up for a phone scam that costs $10 (£6.30) a week.

Dave Marcus, director of security research for McAfee Labs, said: “Scams continue to be big business for cyber criminals who have their sights set on capitalising on open hearts and wallets this holiday season.

“As people jump online to look for deals on gifts and travel, it is important to recognise common scams to safeguard against theft during the busy season ahead.”

It also identified the ‘Help! I've Been Robbed' scam which asks for money to be transferred, the purchase of fake gift cards and suspicious holiday deals that ask for down payments on properties by credit card or wire transfer.

Research by Webroot found that 55 per cent plan to buy at least half of their gifts online this Christmas, up from 38 per cent last year, while 48 per cent of online shoppers frequently, if not always, use search engines to find gifts online, of which 59 per cent trust the first few pages of results.

Jeff Horne, threat research director at Webroot, said: “Through our survey, we learned that one in seven respondents has already become a victim of credit, debit or PayPal account fraud this year. In addition, 57 per cent received phishing emails from bogus sources claiming to be a legitimate company, something we see rise around Black Friday and Cyber Monday. To end the year on a safe note, we urge all online shoppers to adopt some best practices before breaking out their holiday gift lists.”

Away from consumers and looking at this from a business perspective, Bloxx claimed that UK employers stand to lose £300 million a week in lost productivity, as 46 per cent of online shopping takes place during working hours.

Eamonn Doyle, CEO of Bloxx, said: “Most organisations will allow their employees to spend a reasonable amount of time shopping online or receiving shopping related emails. However, with the addictive nature of online shopping and retailers using frequent emails to drive traffic to their sites, it can be all too easy for employees to get carried away and end up spending excessive amounts of time shopping when they should be working.

“Companies need to ensure that they have a clear acceptable use policy for personal internet usage during working hours and ensure that this is communicated regularly to employees. Employees need to know what is acceptable and what the consequences could be for breaking the policy.”

Recent research by ISACA found that 40 per cent of IT professionals expect fellow employees to shop online this year, with 63 per cent predicting that employees will spend three hours or more shopping online during company time over the next two months. A quarter of respondents believe employees will shop for a full work day.

John Pironti, advisor with ISACA and president of IP Architects, said: “Employees who shop online not only reduce productivity, but also open the door to social engineering and phishing attacks, malware and information breaches that can cost companies thousands per employee to correct, millions in compromised corporate data and severe damage to their reputation.”

A survey of 600 small-to-medium-sized businesses by GFI Software revealed that nearly two-thirds of those who do not have a web filtering security solution in place reported experiencing a malware or virus attack via downloaded files, while one out of every five do not have an acceptable use policy for internet usage.

Alex Eckelberry, general manager of the security business unit at GFI Software, said: “Cyber criminals are out there, attempting to trick users into clicking links which will either load malicious malware or spyware or take them to a fraudulent website, potentially compromising personal or corporate information. Organisations should review security policies and appropriate web use guidelines with employees and where possible, employ a combination of anti-virus and web filtering solutions.”

Online shopping is inevitable around any holiday season. Naturally any criminal effort follows rapidly and much like the fight against spam and malicious links, it is difficult to protect against.

Is the best solution to stick to reputable sites? Arguably yes, but consumers are a savvy bunch and finding the best deal involves shopping around and that also requires users' time and from what the industry is saying, that may be the biggest challenge of all.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events