Online Scams Are More Sophisticated Than Ever. Here's How to Shop Safely on Black Friday and Cyber Monday, According to a Cyber Intelligence Expert.Vice president of intelligence at ZeroFox AJ Nash reveals how the 'spray and pray' approach and rise in social media scams contribute to the threat.

ByAmanda Breen

Courtesy of ZeroFox

AsThanksgivingapproaches, so doBlack FridayandCyber Monday.

Last year, theNational Retail Federationreported nearly 180 million unique shoppers over the five-day period between Thanksgiving Day and Cyber Monday, which exceeded estimates by more than 21 million. According to NRF's data, 104.9 million of those shoppers visited stores and 127.8 million made their purchases online (some shopped both in-store and online).

Of course, "Cyber Week" brings in major revenue: The 2021 sales stretch drove nearly $40 billion in online spending, perAdobe.

But the onslaught of online deals doesn't just draw eager shoppers — it also givescybercriminalsa prime opportunity to trick people out of their money.

"Cyber Monday and Black Friday open the door for adversaries to make offers," AJ Nash, vice president of intelligence at ZeroFox, says. "Maybe if it were a Wednesday in July, you'd go,Man, that seems too good to be true.但网络星期一day, you go,Oh, maybe it's a doorbuster. Maybe somebody really is giving away this amazing thing for almost nothing."

Nash spent nearly two decades in the intelligence community, describing himself as a "traditional intel guy," before he was recruited for a cyber-focused contract, then to the private sector.

狗万官方sat down with Nash to discuss howcyber scamshave become more sophisticated over the years and how you can protect yourself from even the craftiest cybercriminals.

Related:Cyber Fraudsters Reap $2.3 Billion Through Email Wire-Transfer Scams

"Technologies have made it easier to do a better job of impersonating."

Phishing, the process by which an attacker sends a fraudulent message to get someone to share sensitive information or to introduce malware, is one of the oldest tricks in the cybercrime book.

But the "spray and pray approach," where cyber criminals attempt to maximize the volume of their scam to get the biggest returns, has gotten an update over the years, Nash says.

"Technologies have made it easier to do a better job of impersonating," he explains. "It costs very little to buy a domain that looks very close to the real one. It's a misspelling, or they use a lowercase 'L' to replace a capital 'I.' There's a lot of different ways to set that up."

From bogus websites to texting schemes,cyber scammersare skilled in weaving webs that appear legitimate. A link sent through SMS might lead back to an authentic-looking site, for example.

"The longer you go down those paths, if adversaries link things together and layer them, the more trust it creates," Nash says. "If you believed the first thing, then everything else is going to reinforce that as a potential victim."

And the schemes themselves also run the gamut, though non-delivery scams, where shoppers are duped into purchasing something that never arrives, and gift card hoaxes, where people are tricked into paying with virtually untraceable gift cards or buying them, remain some of the most common.

Another rich arena for scammers?Social media.

"Social media is a huge opportunity," Nash says, "setting up social media accounts and luring people in, especially if you're dealing with social media platforms that aren't doing a particularly good job of regulating what is a valid account versus what isn't."

And if you do fall for a fraudulent post, all it takes is one click for disaster to ensue. Hit that link promising the deal of a lifetime to the first 500 customers, and you risk having your personal information stolen or your device compromised.

Related:如何避免被Influen吗cers With Fake Followings

How to avoid online scams on Black Friday and Cyber Monday

So, how can you stay safe while shopping for some of the best (legitimate) deals of the year?

First, never forget that if a bargainsounds too good to be true, it probably is, Nash says.

Once you suspect you might be a target, do your own investigation. For example, if you receive an amazing offer with a link attached, don't click it.

Instead, take a good look at that web address, Nash suggests, searching for any alterations to an authentic retailer's URL — whether it's one of those misspellings or capitalization swaps. Copying the address into a word document and switching up the font can make it easier to spot discrepancies.

You should also pay close attention to the message itself. Improper English and grammatical errors are red flags, Nash says.

Another simple tactic? Type the deal into your browser to see if it comes up anywhere else.

"If you start Googling it and you're somehow the only person that seems to know where this thing is, there's a good chance it doesn't exist," Nash explains. "You're not that special. None of us are."

It's also good practice to avoid giving out sensitive information as much as possible, even when websites seem legitimate. Consider using a separate credit card for online orders; some financial institutions even offer virtual credit cards. Both options can preventcybercriminalsfrom moving "laterally through the rest of your finances," Nash says.

Related:11 Ways to Protect Your Business From Cyber Criminals

Along the same lines, it's important to make sure you're using different usernames andpasswordsfor all of your accounts.

"If they trick you into the website and you give away your information, [for a] lot of folks, that means you give away everything because you didn't just give away that one Visa or MasterCard," Nash says. "It turns out that's the only password and username used for everything. More than ever, this is the time of year to remember to randomize passwords and use password management and two-factor authentication."

If you do make a purchase and have doubts after the fact, it might not be too late to protect yourself. Start by seeing if you received a confirmation email with tracking information — if you didn't, it's a bad sign.

"I had this happen to me, maybe 10 years ago," Nash says. "I got a laptop — it was a little too good to be true, but not crazy good. And I got a tracking number that didn't match up; the post office couldn't figure it out, et cetera. Well, lo and behold, that laptop never made it to my house."

But depending on your payment method and the insurance terms associated (which you should check before you shop), you might be able to recoup that money, Nash notes.

记住这些策略成功andsafeCyber Weekthis year.
Wavy Line
Amanda Breen

Entrepreneur Staff

Features Writer

Amanda Breen is a features writer at Entrepreneur.com. She is a graduate of Barnard College and received an MFA in writing at Columbia University, where she was a news fellow for the School of the Arts.

Editor's Pick

Related Topics

Social Media

How This 18-Year-Old TikTok Star Built a Business With 5 Million Followers

TikToker Ryan Shakes shares how he built a devoted and engaged following.

Marketing

The Role of PR in Successful Product Launches — Strategies and Best Practices

By executing a comprehensive PR campaign, brands can generate buzz, build credibility, and create a strong foundation for their product's success in a competitive market.

Growing a Business

How to Build a Culture of Learning in Startups

Startups tend to favor high productivity within short turnaround times. In such conditions, employees must be adaptable and learn new skills quickly. Therefore, training and development are crucial — a new employee needs to hit the ground running.

Business News

Anheuser-Busch to Lay Off 2% of Workforce Amid Declining Sales and Backlash

The layoffs will impact less than 2% of the total Anheuser-Busch U.S. employee population, which translates to approximately 380 positions eliminated.

Science & Technology

The Rising Threat of Generative AI in Social Engineering Cyber Attacks — What You Need to Know

The rise of generative AI is revolutionizing social engineering cyber attacks, making them more sophisticated and harder to detect. As these threats escalate, individuals and organizations must stay informed, exercise caution and employ robust cybersecurity measures to counteract this new wave of AI-driven cybercrime.

Business Ideas

The Top 10 Home Business Ideas for 2023

Can't figure out which enterprise you should launch in 2023? Check out 10 stellar home business ideas to get inspiration.