Skip to main content

Hackers to target Black Friday and holiday online shoppers

hackers target black friday holiday online shoppers hacker
Image used with permission by copyright holder

Online retail sites are about to get a massive boost from the kickoff of the holiday shopping season, which is set to officially begin on Black Friday in a couple of days. However, another sect is also getting ready to ramp up their operations as well: hackers, cybercriminals and anyone aiming to use malware to exploit consumers.

In fact, cyberthugs have reportedly started to bombard social media feeds, email accounts and search engines with poisoned links already. Click on one and boom, you might have just contracted some nasty malware. Allegedly, about 10 percent of people who receive such unclean links are likely to take the bait. Here’s what Sorin Mustaca, asecurity analyst at anti-malware firm Avira, had to say.

 “All these things have something in common: social engineering and greed.”

Meanwhile, Signifyd, an identity verification firm, found that 0.8 percent of ecommerce sales made via desktops are fraudulent, after examining 10 million transactions made in the past six months. The dangers are real and are only likely to increase.

So how can you protect yourself from malware and online scams during the holiday shopping rush? Here’s one way: tap into your own fears. No, really. That’s what Ronnie Flathers, who works for a security consultant firm by the name of Neohapsis, had to say.

“It’s OK to be a little paranoid. Modern phishing techniques are subtle and dangerous. It’s OK to mistrust e-mail and links. If something seems phishy, exit out.”

Also, be sure to use strong passwords, and only shop on well-known, trusted sites. We recommend Amazon, Best Buy, Newegg and any other retailers that have a strong brick-and-mortar presence. Crutchfield and Buydig are a couple of sites that we’ve used and had nothing but success with.

Here’s what it boils down to: despite the ever-growing reality of online threats, you can stay safe if you just don’t do anything risky, like use iffy sites or click on links that look less than legit. Make sure your firewall, malware scanners and anti-virus programs are up to date and constantly running. And of course, if you use a password like “123456”, which was found to be commonly used among those who fell victim to the recent Adobe hack, you’re just asking for trouble.

Editors' Recommendations

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
FBI disables Russian malware operation targeting foreign governments
An Illustration shows a programmer busy with a laptop and several monitors.

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the "premier cyberespionage malware" of Russia's Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

Read more