Cyber Security Blog

Stay ahead of the curve with industry trends, cutting edge tech and inventive strategies.

Black Friday hacking season: the top 9 red flags

Another year brings yet another Black Friday shopping frenzy. This annual shopping event may be a great opportunity for Christmas shoppers to bag a few festive bargains. However, in the mad rush to land the best discounts, shoppers often drop their guard and become easy targets for cybercriminals. In the UK, it is predicted that spend will increase by 3.4% this year with £2.53bn on Black Friday alone and a whopping £8.57 billion over the full weekend. As the majority of cyber-crime is financially motivated, cyber-attacks inevitably increase during this period as there is plenty of opportunity to exploit unsuspecting shoppers.

Stay vigilant this Black Friday weekend (and beyond)

To avoid getting more than you bargained for this Black Friday, it is important to remain on high alert at all times. Though this may sound a little dramatic, there will be a steep increase in phishing, malvertising, social engineering and credential stealing attacks. Kaspersky predicts a 24% increase in phishing attacks over the Black Friday shopping season.

Due to industry struggles, retailers are no longer offering these ‘Black Friday deals’ for just one day only, for many the promotions now run throughout November.  Although this provides a longer time-frame for consumers to purchase discounted products, it also creates a wider attack surface as there is more opportunity for fraudulent activity.


Over the past decade, there has been a huge rise in the use of mobile applications for retailers. These apps actively encourage consumers to favour online shopping as they provide early access to the best deals and promotions. Online shopping is undeniably convenient as it allows you to make purchases from the comfort of your own sofa. However, if retailers fail to effectively test the security of their mobile and web applications, financial data can fall into the wrong hands. To reduce the risk of these kinds of attacks, retailers need to be regularly testing their mobile and web applications for potential security vulnerabilities.

Watch out for the Black Friday red flags

To prevent falling victim to a Black Friday cyber-attack, there are certain things to watch out for. As targeted cyber-breaches are more sophisticated than ever before, it is best to be cautious when sharing personal details online.

  • Amazon Fake Amazon invoices

    is one of the most common brands used in phishing campaigns. If you receive an email from ‘Amazon’ with a link or an invoice attachment, even if you have ordered something from the company, be extremely wary before opening or clicking.

  • Emails or texts from your Bank

    It can be easy to lose focus if you receive a text/email from your bank alerting you to suspicious activity. The first thing to remember is: don’t panic! This is exactly how hackers want you to react. If you are thrown into panic mode, you may be tempted to click on a malicious link which would give hackers full access to your personal information. Unfortunately, your bank’s phone number and email address can be easily spoofed, so do not be tricked into thinking it is legitimate.

  • Beware of malvertising

    Malvertising is the use of online adverts to spread malicious software. These will often appear in the form of pop-ups containing malicious programs which can be downloaded onto your device. Once downloaded hackers can harvest your financial information and passwords or even encrypt your data (making it unobtainable).

  • Do not use public WiFi

    If you are out and about and fancy doing a bit of online shopping, do not be tempted to use public WiFi. It is much safer to use your mobile network data as you cannot guarantee that your browsing is private, which is problematic when you are entering financial details.

  • Keep a close eye on your bank account

    During the Black Friday and festive period it is important to monitor activity on your account. Financial fraudsters often use bots to take a small amount out of your account to test if the transaction will be successful. If the payment goes through, they then go on to clear your funds.

  • Too good to be true deals

    If a promotion sounds too good to be true, it probably is! Watch out for supposedly free offers, in recent years there has been a huge increase in scams which offer free gift cards in exchange for filling out a short survey. Once you fill out the survey it usually asks you for your card details so they can ‘transfer the funds to your account’… red flag alert!

  • Website spoofing

    Cyber criminals can spoof well known e-commerce sites to steal your financial data. This often happens during the payment process where you are diverted to a malicious site to complete the payment.

  • Avoid using debit cards where possible

    When it comes to online shopping, you are more protected if you pay by credit card rather than debit card. One of the main benefits of using a credit card is the protection it offers in the event of fraudulent activity. If your credit card is compromised the money will be reimbursed into your account.

  • Be wary of websites selling products for low prices

    If you come across an unfamiliar website which is offering products for extremely low prices, make sure you thoroughly research the company before you make a purchase. It is also beneficial to read plenty of customer reviews to see whether the company is reliable/legitimate.

The responsibility of retailers

Online fraud is undoubtedly on the rise. However, unless retailers can reassure consumers that their financial data is safe, shoppers will be less confident about sharing their details online.  To avoid this eventuality, retail firms need to take stock of their cyber security strategy and ensure they have the necessary tools and processes in place to detect and block cyber-threats before they turn into a largescale breach. Unfortunately, threats are coming from all angles for retailers, these include POS attacks, DDoS attacks, phishing emails, website spoofing, key loggers… the list goes on.

The current climate for the retail industry is precarious to say the least. With many large firms including Mothercare, House of Fraser and Jack Wills going into administration in recent times, companies cannot afford to suffer reputation damage due to a cyber-attack. As retailers prepare for a dramatic increase in online demand during the Black Friday shopping season, they need to be prioritising the security of their systems, applications and websites.

Ready to achieve your security goals? We’re at your service.

Whether you are a CISO, an IT Director or a business owner, Equilibrium has the
expertise to help you shape and deliver your security strategy.

Latest posts