How Cybercriminals Are Shopping for Personal Data This Black Friday

By on Nov 21, 2017

Thanksgiving is here, which means it’s time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit attention from cybercriminals, so it’s unsurprising that a new Black Friday scam has emerged this holiday season, which includes more than 32,000 malicious Black Friday-themed apps spoofing the branding of top U.S. online retailers.

According to a recent report, one in 25 Black Friday apps are fake, with at least 15 malicious Black Friday apps for each of the top five U.S. e-commerce brands. These apps are said to scam users in a multitude of ways, either tricking shoppers into entering credit card information, giving up Facebook and Gmail log-in details, or even downloading malware and ransomware. Plus, they’re available on legitimate app stores such as the Apple App Store or Google Play.

But the threats don’t just stop there. As our Most Hackable Gifts survey highlighted, both online holiday shopping and the gifts being bought make personal data more vulnerable than ever. Laptops, smartphones, tablets, IoT toys, digital assistants – the gifts that fill our wish lists are make cybercriminals feel like kids on Christmas morning. Beyond these vulnerable gifts, there’s also the potential for scammers to create fake retailer microsites, invent targeted phishing scams for fake deals, create malvertisements, or execute new malware to swoop all the financial data from physical point-of-sale systems. Therefore, it’s important consumers understand securing their information now more than ever. To do just that, follow these tips:

  • Go to the source. One easy way to avoid counterfeit Black Friday apps is to go to the retailer’s website on your mobile browser and look for a link to the app from their website. With Safari on iOS, if a website already has an app, you will get a box at the top asking if you want to open the page in the app or download the app if it isn’t already installed.
  • Avoid “too good to be true” deals. With Black Friday and Cyber Monday, we’re all trying to save as much money as we can. But here’s the reality: if a deal seems too good to be true, it often is. These deals are usually a cybercriminal attempting to lure you in via phishing so that you cough up your personal data. Trust deals that are advertised directly from the vendor, and if you’re unsure about their legitimacy, scan their site or call their support line for reassurance.
  • Pay with a credit card. Credit cards overall offer better protection against financial fraud than debit cards. You won’t be liable for fraudulent purchases and the thieves won’t be able to drain your bank account if they get ahold of your account number. Any abnormal use of your credit card number will be automatically flagged or not approved by your bank.
  • Use a mobile security solution. As fake or malicious Black Friday apps work to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs