Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


7 top tips for a phishing-proof Black Friday — according to a CTO

Post a Fraud Alert:

Neil Larkins, CTO at Egress, shares his top seven tips for phishing-proof Black Friday, and protecting retailers from cyber criminals 7 top tips for a phishing-proof Black Friday image

Today is Black Friday, and cyber criminals are probably as excited about the shopping season as you are. Therefore, it’s highly likely that you’ll see phishing emails sweeping through your inbox, encouraging you to part with money, just when you’re trying to spend it.

As a result, Egress has prepared seven top tips for consumers to dodge cyberattacks during the busiest retail weekend of the year.

1. Be aware of what a phishing email looks like

Phishing emails are designed to look as real as possible, and to the untrained eye can look nearly identical to an email from a trusted sender, such as a bank or social media platform.

If you find the following features in an email from a ‘reliable’ sender, it is often a hint that the email is actually a phishing attack:

– Incorrect spelling and grammar

– Name in the email address not matching the user details in the email body

– An email received from an unknown sender or email address

– An unexpected change to the look/layout of an email

– Web links in emails

What are the Black Friday security threats and how can you avoid them?

As Black Friday approaches, what are the security threats and how can organisations and consumers avoid them? Read here

2. Check the web links

If you see a suspicious link in an equally suspicious email, DO NOT click on it. Instead, hover your mouse over the link to see if the address matches the link displayed or if possible, open the site in another window instead of clicking the link in your email.

3. Don’t open attachments

You might receive emails asking you to download a gift card registration document to fill out. DO NOT click on it. This could be a malicious document and clicking on it would allow a malware to steal your information. A safe attachment should allow you to preview it without having to download or open it.

A guide to cyber attacks: Phishing – Part 2

Information Age’s guide to cyber attacks continues with an examination of types of phishing attacks. Read here

4. Don’t be fooled by branded emails

If you receive a branded email and it is different to what you normally see, this could be a sign of an attempted phishing attempt. Examine the email address, subject and body; any typos will point towards it being a phishing email. If unsure, you should contact the sender through other channels to gain further clarification on the authenticity of the message.

5. If it’s too good to be true, it’s probably not true

Cyber criminals will try to disguise themselves as well-known and trusted brands and offer expensive things at a much lower cost. If the offer is not on the brand’s official website, it probably isn’t legitimate.

Amazon experiences technical error ahead of Black Friday

The retail and ecommerce giant, Amazon, has suffered what some a calling a data breach ahead of Black Friday. But, is this the case? Read here

6. Be cautious with any requests for personal or financial information

In general, you should be very cautious with any requests for personal or financial information. A retailer would never normally ask you these and would send you separate communications outlining this.

7. Adopt the right security technology

The best solution to avoid phishing attacks is to have the right security technologies in place. The application of machine learning, deep learning and NLP have made it increasingly possible to mitigate this risk. By analysing various attributes, from the sender’s authenticity to the end user’s ‘normal’ behaviour, smart technology can now recognise patterns and highlight anomalies.

In particular, in cases where a phishing email requires an individual to respond, users can be alerted to the fact they haven’t emailed this recipient before or that the recipient’s domain is not trusted – immediately raising red flags for the user in scenarios where cybercriminals are leveraging established relationships.

Article source: https://www.information-age.com/phishing-black-friday-123476753/