Black Friday is coming and threat actors are already surfing this wave of retail insanity. Not surprisingly, phishing remains an effective way to lure users into handing over their bank credentials and credit card data. Popular brands are often used as bait.

Last year holiday shopping phishing was extremely high due to COVID-19 and the percentage of consumers that chose to shop online. While this year should see more in-store shopping, it will obviously not be free from scams. In fact, Check Point has some excellent and very current  research related to the perils of this year’s holiday shopping season. Here they discuss the worrying trend of malicious shopping website registration so far in 2021:

“Since the beginning of October 2021, CPR researchers witnessed the highest number of malicious websites related to shopping and sales offers,” Check Point says. “On average, over 5300 different websites per week were spotted, marking a 178% increase, compared to the average in 2021, thus far.”

So, what to do? My grandmother really wants a new sweater! There is a lot of tried-and-true advice that will go a long in way in helping you avoid scams if followed closely. A few of the basics:

  • Use reputable security solutions to ensure safe browsing.
  • If it seems too good to be true, it is. Ignore hard-to-believe offers, as tempting as they may be.
  • Do not trust emails that have misspellings, strangely formatted logos/images or that just look “off.”
  • Check the hyperlinks in any emails before clicking them. Do this by hovering your cursor over the link and waiting for the destination link to pop up. If it looks different from the site you were expecting to visit, do not click it.
  • Navigate directly to popular websites by typing their address into the address bar (Walmart.com, target.com, macys.com). This way you can be sure that you are going to their official site instead of being redirected elsewhere by a malicious email link.

Want more tips? PC Mag does a fantastic job at summarizing the best of the best here.

From a business’ perspective, you do not want your customers or clients phished or scammed in your name. It is bad for business and erodes trust in your brand. There are services and/or data that can help to fight against phishing conducted in your name. For example, Malware Patrol has Newly Registered Domains and Phishing feeds that would allow your organization to monitor phishing sites and recently registered domains targeting your brand. No matter your course of action, it is important to do something! We’re always happy to discuss your needs to see if Malware Patrol might be able to help your business protect its brand – and invaluable reputation.

We urge you all – consumers and businesses – to stay safe this holiday season.