Tick-Tock: Black Friday 2020 Could Turn into a Cybercriminal Medley as Retailers Adjust to Social-Distancing During COVID-19


With the 2020 Holiday season drawing near, shoppers worldwide are getting ready for the yearly Black Friday bonanza of deals from their favorite fashion, tech and appliance retailers.

One of the most anticipated shopping events of the year officially kicks off on November 27, with thousands of retailers unveiling their best online and in-store deals.

However, Black Friday also marks a holiday shopping season for cyber-crooks and fraudsters targeting eager online shoppers rushed to fill their virtual shopping carts with goodies.

Shopping is more online than ever, and so are cybercriminals

E-commerce has surged when the pandemic hit earlier this year, with the health crisis changing shopping behavior worldwide. Sixty-two percent of consumers shop online more now than before the pandemic, and the numbers are anticipated to rise during the holiday season.

On Black Friday in 2019, more than 93 million shoppers made a purchase online, with in-shop visits dropping 6.2 percent compared to 2018. In-person shopping is likely to reach an all-time low, with retailers adapting their marketing schemes to fit social-distancing measures.

As merchants gradually release 2020 Black Friday plans, it appears that this year’s shopping spree could be extended, giving cybercriminals a large window to lure potential victims.

According to a recent survey, consumers in the US are expected to spend a total of $148.5 billion this Black Friday, an enticing figure for cybercriminals who aim to score big. Retail phishing increased by 233 percent in 2019, revealing that e-commerce retailers are prime targets for website spoofing during the Holiday season as they diligently prepare deals and coupons.

A flood of aggressive advertising via social media and email may prompt consumers to dismiss red flags, making them even more susceptible to credential-harvesting phishing scams, account takeover and fraud.

Say goodbye to the door-busting Black Friday frenzy

While shopping from the comfort of your home in PJs sounds great, falling for a too-good-to-be-true offer could turn into a real nightmare for shoppers.

In the past year, cyber-thieves have proved to be distinguished social engineers preying on our fears, misinformation, and speculation surrounding the coronavirus. Their expended set of tools is bound to shine even more this holiday season.

Pay special attention to appointment shopping this year, as cybercriminals could leverage the scheduling systems already set up by some retailers to avoid hectic lines amid the global health crisis. Inspect the offer closely before “reserving” your spot for a chance to shop early and snag a deep discount. Covid-19 restrictions are here to stay, but stores may also come up with a go-to lottery system, where lucky winners receive an allocated time slot for in-store shopping.

It’s best to check out the vendor’s official website before you sign up, pay for any exclusive store access or provide personal information in an online form.

Opportunistic threat actors are also taking advantage of the highly anticipated release of the new PlayStation 5 consoles, bound to hit stores on November 12. The Bitdefender Antispam Lab picked up a spike in PS5-related correspondence between 29 and 30 October 2020, when more than 72% of all received PlayStation emails were marked as spam.

Keep an eye out for QR codes

The pandemic has also fueled the use of QR codes, which has gained immense traction in recent years. An estimated 11 million households in the US are expected to scan a QR code in 2020 alone. Additionally, more than 18 percent of UK and US residents have noticed an increase in QR code use since the start of social-distancing measures.

QR Codes can be used in ads and promotions to redirect customers to product webpages where they can quickly add merchandise to their online shopping cart. Although this method is time-efficient for the customer, threat actors could create malicious QR codes and encode custom-made payloads to redirect users to fake websites and steal personal data or install malware on the device.


Tips for a Cyber-Safe Black Friday Bonanza

  1. Stick to what you know and avoid clicking on links in emails or social media platforms that advertise special discounts and offers from unfamiliar retailers. Check the grammar of any email you receive, and hover across the link to make sure it leads to the official website. Phishing emails are the most popular tool used by fraudsters, and they are a common way to steal personal and financial information.
  2. Use a secure network while browsing for deals and products. Around 82 percent of shoppers check their phones in store before purchasing, so avoid connecting to any public Wi-Fi networks or checking your banking sites, as cyber-thieves could have compromised the network.
  3. Enable two-factor (2FA) or multi-factor authentication (MFA) for all your online accounts and financial transactions, where possible. This extra layer of security could protect against fraud, even if the attacker has your login credentials.
  4. Change the passwords for all of your online accounts, especially those affiliated with online retailers. While this security step could be time consuming, you still have time to review your accounts and set up robust and hard-to-guess passwords. You can always use a dedicated password manager to keep tabs on your login information.
  5. Set up credit card alerts that can help protect you from fraud by quickly notifying you of suspicious or unusual charges. If your credit card information is used, you receive real-time notifications, making it easy to stop fraudsters from causing financial damage that may ruin your holiday.
  6. Use a security solution on your devices, as they are the first step toward local protection of personal data. You can ward off malicious threats and ensure that your sensitive data does not end up in the hands of cybercriminals.