Today is Black Friday, and cyber criminals are probably as excited about the shopping season as you are. Therefore, it’s highly likely that you’ll see phishing emails sweeping through your inbox, encouraging you to part with money, just when you’re trying to spend it.
As a result, Egress has prepared seven top tips for consumers to dodge cyberattacks during the busiest retail weekend of the year.
1. Be aware of what a phishing email looks like
Phishing emails are designed to look as real as possible, and to the untrained eye can look nearly identical to an email from a trusted sender, such as a bank or social media platform.
If you find the following features in an email from a ‘reliable’ sender, it is often a hint that the email is actually a phishing attack:
– Incorrect spelling and grammar
– Name in the email address not matching the user details in the email body
– An email received from an unknown sender or email address
– An unexpected change to the look/layout of an email
– Web links in emails
What are the Black Friday security threats and how can you avoid them?
2. Check the web links
If you see a suspicious link in an equally suspicious email, DO NOT click on it. Instead, hover your mouse over the link to see if the address matches the link displayed or if possible, open the site in another window instead of clicking the link in your email.
3. Don’t open attachments
You might receive emails asking you to download a gift card registration document to fill out. DO NOT click on it. This could be a malicious document and clicking on it would allow a malware to steal your information. A safe attachment should allow you to preview it without having to download or open it.
A guide to cyber attacks: Phishing – Part 2
4. Don’t be fooled by branded emails
If you receive a branded email and it is different to what you normally see, this could be a sign of an attempted phishing attempt. Examine the email address, subject and body; any typos will point towards it being a phishing email. If unsure, you should contact the sender through other channels to gain further clarification on the authenticity of the message.
5. If it’s too good to be true, it’s probably not true
Cyber criminals will try to disguise themselves as well-known and trusted brands and offer expensive things at a much lower cost. If the offer is not on the brand’s official website, it probably isn’t legitimate.
Amazon experiences technical error ahead of Black Friday
6. Be cautious with any requests for personal or financial information
In general, you should be very cautious with any requests for personal or financial information. A retailer would never normally ask you these and would send you separate communications outlining this.
7. Adopt the right security technology
The best solution to avoid phishing attacks is to have the right security technologies in place. The application of machine learning, deep learning and NLP have made it increasingly possible to mitigate this risk. By analysing various attributes, from the sender’s authenticity to the end user’s ‘normal’ behaviour, smart technology can now recognise patterns and highlight anomalies.
In particular, in cases where a phishing email requires an individual to respond, users can be alerted to the fact they haven’t emailed this recipient before or that the recipient’s domain is not trusted – immediately raising red flags for the user in scenarios where cybercriminals are leveraging established relationships.
