Cyberthreats Target Black Friday: How to Protect Your Business and Employees

Adrien Gendre

November 10, 2022

Despite this year’s economic and inflationary headwinds, forecasts predict Black Friday (a period spanning several weeks) to be especially active in 2022. An IBM annual report reveals that global shopping and travel budgets have increased year-over-year by 8% and nearly 50%, respectively, as retailers look to offload excess inventory and consumers show an appetite for deals. The expected flurry of ecommerce activity increases the risk of cybercrime. As consumers spend more time and money online, hackers find more opportunities to deploy cyberthreats that can exploit users.

A successful cyberattack can be costly for individuals. For organizations, it can be far more devastating. According to Juniper Research, online payment fraud will cost businesses $343 billion (USD) globally between 2023 and 2027, if current fraud levels persist. Yet this figure doesn’t account for reputational costs. A recent study finds that 55% of consumers would be less likely to do business with brands that are victims of a cyberattack. Together, these statistics should put organizations of all sizes on high alert this holiday shopping season. The potential short-term rewards of Black Friday don’t measure up to long-term consequences of inadequate cybersecurity.

How can your organization navigate Black Friday safely and securely? Here are five tips to help you defend against cyberthreats.

1. Shop by browser, not email, to avoid cyberthreats

Email is the preferred vector for hackers to deploy cyberthreats. And the reasons are clear. As time-sensitive and attractive offers hit your inbox, it can be tempting to use email as the starting point for your purchasing journey. But doing so exposes you to the risk of clicking a phishing link and divulging personal and financial information to a malicious actor.

One of the simplest and easiest ways to protect your sensitive information is to avoid using email as a platform for your online shopping. Rather than clicking a link to shop an email offer or browse a new product release, instead visit the seller’s website directly using a separate browser. While less convenient, this simple habit can save you from the lasting consequences of a cyberattack. And while you should adopt the practice yourself, you should also institutionalize it in your organization and raise awareness among your employees and clients.

2. Pay attention to display name spoofing

According to a global survey by Adobe, 44% of consumers will spend at least $500 each year with the brands they trust most, while PwC found that 93% of consumers rank brand trust as a top factor influencing their purchasing behavior. These statistics illustrate the influence that established brands can have on consumer behavior.

Phishing attacks, one of the most common and costly cyberthreats, weaponize our social and emotional connection with brands. Phishing emails impersonate brands to dupe victims into disclosing sensitive information or downloading and spreading malware. This cyberthreat uses a variety of techniques, including email spoofing. Email spoofing is a technique that manipulates the display or domain names of an email to create the illusion it originated from a legitimate sender. The two most common types of email spoofing are display name and close cousin spoofing, because both are effective at bypassing detection by traditional email filters.

Display name spoofing

As its name suggests, display name spoofing manipulates the display name to create the appearance of authenticity. The below example is a phishing email that uses the display name “Microsoft Outlook” to dupe recipients into believing the email came from Microsoft. Upon closer inspection, however, the email address belongs to a Gmail account, an obvious sign of a phishing scam.

Phishing email using display name spoofing

Hackers continue to use display name spoofing because they assume users won’t check the domain name because of haste, mobile device usage, or other factors. In the case of mobile devices, most email clients show only the display name of an email and hide the domain name, making it difficult for users to verify the sender. That helps explain why Verizon found users are more vulnerable to email spoofing and spear phishing when viewing email on their mobile device.

Close cousin spoofing

Close cousin spoofing uses a domain name that closely resembles the legitimate one but adds extra characters or swaps in a different domain extension. Because the string no longer matches the authentic domain exactly, it slips past traditional email filters that only look for the legitimate name.

In the below example, hackers impersonate American Express by using the company’s authentic domain name with additional characters and a different domain extension. Like display name spoofing, hackers that use close cousin spoofing assume users will overlook the nuances of email spoofing and fall victim to it.

Phishing email using close cousin spoofing

Still, hackers can use close cousin spoofing techniques that are undetectable to the human eye, such as replacing characters from the Latin alphabet with visually identical Cyrillic ones (e.g., the Latin “a” with the Cyrillic “а”, U+0430). To catch these sophisticated techniques, you need a solution like Vade for M365, which analyzes display and domain names to determine if they are consistent with your organization’s entity model. Vade for M365 also detects the unauthorized use of legitimate domain names and cousin domains.
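To make the three spoofing patterns above concrete, here is an added example (not Vade’s code) that inspects a From: header for a display name that invokes a known brand while the address comes from an unrelated domain, for a cousin domain built on the brand’s label, and for non-Latin letters such as Cyrillic homoglyphs. The brand table and the sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed lookup: brand keyword seen in display names -> domains the brand
# legitimately sends from. A real deployment would load this from an entity model.
BRANDS = {
    "microsoft": {"microsoft.com", "outlook.com"},
    "american express": {"americanexpress.com"},
}


def from_header_parts(header):
    """Split a From: header into (display name, lower-cased sender domain)."""
    name, addr = parseaddr(header)
    return name.strip(), addr.rpartition("@")[2].lower()


def non_latin_letters(domain):
    """Letters whose Unicode name is not LATIN, e.g. Cyrillic 'а' (U+0430) posing as 'a'."""
    return [c for c in domain if c.isalpha() and "LATIN" not in unicodedata.name(c, "")]


def is_cousin(domain, legit):
    """True when the domain reuses the brand's label with extra characters or another extension."""
    legit_label = legit.split(".")[0]
    label = domain.split(".")[0]
    return domain != legit and legit_label in label


def classify_sender(header):
    """Return the spoofing indicators found in a From: header (empty list = none)."""
    name, domain = from_header_parts(header)
    findings = []
    if non_latin_letters(domain):
        findings.append("homoglyph")
    for brand, legit_domains in BRANDS.items():
        if domain in legit_domains:
            continue  # genuine sender for this brand
        if brand in name.lower():
            findings.append("display_name_spoof")
        if any(is_cousin(domain, d) for d in legit_domains):
            findings.append("cousin_domain")
    return findings


if __name__ == "__main__":
    # Constructed sample headers mirroring the two screenshots and the homoglyph case.
    for h in ["Microsoft Outlook <someone@gmail.com>",
              "American Express <alerts@americanexpress-secure.co>",
              "Microsoft <no-reply@micr\u043esoft.com>"]:
        print(h, "->", classify_sender(h))
```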

3. Change your passwords

It’s never too late to practice good cyber hygiene. That includes changing your passwords regularly and using long, unique, hard-to-guess character combinations. This practice reduces the risk that hackers can use a set of compromised credentials to gain access to more than one account, including one on your organization’s internal network.

On the other hand, if employees recycle their credentials across numerous accounts, hackers only need one set of credentials to compromise and exploit users in multiple ways. And this leaves your organization’s cybersecurity as strong—and as weak—as any of the third parties where employees use those credentials.

To protect your organization, implement and enforce a password policy that requires employees to regularly update their credentials. Also, recommend your clients do the same.

4. Use a URL analyzer

Hackers can use multiple techniques to disguise a phishing link. While you should always double-check the destination path of hyperlinked text before clicking it, you should also consider using a URL analyzer to check if a suspicious link is malicious. URL analyzers can detect the anomalies and behaviors of cyberthreats that are hidden from the human eye.

For example, Vade offers IsItPhishing.AI, a free URL analyzer that anyone can use. IsItPhishing.AI leverages Artificial Intelligence (AI) to perform a real-time analysis of URLs, following any redirections to determine if a destination webpage is malicious. The solution also checks URLs using real-time threat intelligence from 1.4 billion mailboxes worldwide.

Encourage your employees and clients to check the destination path of URLs and to use a URL analyzer whenever they encounter a suspicious link.

5. Invest in user awareness training

Your users represent the single greatest vulnerability in your attack surface, as illustrated by the findings of Verizon’s 2022 Data Breach Investigations Report, which found that 82% of data breaches are attributable to the human element. It’s never too late to invest in user awareness training, which can transform your greatest cybersecurity risk into a strength. While training programs vary—from classroom-based instruction to simulation-based training—best practice is to adopt user awareness programs that personalize, automate, and administer instruction in real-time as needed.

Vade Threat Coach™ provides user awareness training that reflects the content and context of users’ daily email interactions. This grounds instruction in lived experience and increases the retention and application of their learning. Additionally, the training is administered when users interact with a real phishing email, the moment when education is most important and conducive to better cyber behavior.

Bottom line: Black Friday will come and go, but cyberthreats will linger

Consistent with past years, Black Friday will welcome an abundance of online deals and cyberthreats. While the shopping observance warrants heightened cybersecurity measures, it doesn’t erase the need for a long-term cybersecurity program. To protect your business, employees, and customers from the most devastating cyberthreats, you should invest in a sustainable cybersecurity solution that protects your business, while giving you back time and resources to focus on running your business.

Vade for M365 provides ongoing threat detection and response against the email-borne threats of today and tomorrow. It leverages a core set of Artificial Intelligence (AI) technologies and real-time threat intelligence from more than 1.4 billion mailboxes to keep you protected from the never-ending supply of cyberthreats.