This Friday millions of people will venture out in the middle of the night and brave frigid temperatures and long lines to battle for Black Friday holiday shopping bargains. Many retailers have expanded to include online promotions as well on Black Friday--including Amazon and Apple. Whether you plan to do your Black Friday shopping sitting at your PC, or join the crowds there are some inherent security concerns to watch out for.
Don't Click the Link
Tim 'TK' Keanini, CTO for nCircle, says "Don't respond to any online offer that links directly to an e-commerce site. We're all on guard against deals that are too good to be true, but a referral to an 'excellent deal' from one of your Facebook friends is just one of hundreds of ways hackers will use to get you to drop your guard this holiday season."
Attackers know that Black Friday shoppers are in battle mode and are more inclined to aggressively jump on any offer for fear of missing out on a great deal. If a deal sounds enticing, feel free to explore it, but type the URL into your browser yourself rather than risk following a malicious link to a spoofed Web site.
Beware Online Ads
Online ads can capitalize on the trusted reputation of credible sites to deliver malicious content. Tim Erlin, Principal Product Engineer for nCircle explains, "Don't even think about clicking on an ad, especially those great deals. Ad content is delivered by third parties and is a favorite attack tool for hackers of all stripes. This is true even for very well-known e-commerce sites where online shoppers feel safe."
The site you are visiting typically has no direct control over the third-party ads that are served, and is often completely unaware of suspicious or malicious ads unless they are reported. That $100 iPad ad is guaranteed to be fake, and most likely malicious--so don't click on it.
Keep an Eye on Your Card
There is a reason that many retail stores have switched to using credit card swiping machines at the checkout counter where you swipe your own card. Keeping your credit card in your control minimizes the opportunities for the card information to be copied, or for the magnetic stripe data to be stolen. Following a recent family trip to Washington DC, two different credit cards from two different banks were compromised and cloned--leading to thousands of dollars in fraudulent charges.
Don't Mix Coffee and Shopping
No, I am not referring to the potential risk of frying your laptop by spilling your caffeinated beverage on it. Feel free to take advantage of free Wi-Fi at public hotspots like Starbucks, just don't do your Black Friday shopping while connected to a public wireless network.
Oliver Lavery, Director of Vulnerability and Exposure Research for nCircle elaborates, "Don't purchase anything at Starbucks, or any other public network, even though sitting down sipping a peppermint mocha sounds a lot better than fighting the crowds. Public networks are full of potential security holes--remember Firesheep?"