Black Friday or Hack Friday? The Dangers Among the Discounts - Comment from ISMS.online
November 2024 by Luke Dash, CEO of ISMS.Online
Brands are already promoting Black Friday and Cyber Monday sales, promising customers huge discounts and festive bargains. However, scammers are using increasingly sophisticated methods to trick consumers out of their hard-earned cash. GCHQ’s National Cyber Security Centre (NCSC) has warned that fraudsters are targeting bargain hunters with these scams, some of them crafted using AI, which makes them harder to detect.
However, Black Friday also brings a heightened risk of cyber-attack for organisations. Over 32,000 fraud and cybercrime reports were made to Action Fraud in November 2023; over 3,500 of those were made by businesses, with reported financial losses of £30.4 million.
Comment from Luke Dash, CEO of ISMS.Online:
"Brands are already promoting Black Friday and Cyber Monday sales, promising customers huge discounts and festive bargains. However, Black Friday also brings a heightened risk of cyber-attack for organisations. It offers a broader opportunity for cybercriminals, particularly with the increase in urgent and time-sensitive bargains offered by legitimate businesses. Over 32,000 fraud and cybercrime reports were made to Action Fraud in November 2023; over 3,500 of those were made by businesses, with reported financial losses of £30.4 million.
"One way fraudsters will target businesses during this period is through weak passwords. Simple passwords like '123456' are still commonly used according to NordPass, making large-scale brute-force attacks easier for cybercriminals. Because many users continue to reuse the same passwords across their accounts, once a cybercriminal has cracked one account, they can access many more. This includes email profiles, corporate networks and business systems, dramatically increasing an organisation’s risk profile.
"AI-powered technology has been used in everything from creating fake websites that are identical to the real thing to sophisticated deepfake attacks allowing fraudsters to trick recipients into making corporate fund transfers. Whether AI is used to create fraudulent emails, attempt business email compromise-style attacks or create deepfakes to convince staff to make unauthorised payments, AI-driven scams can impact businesses during the discount period, too.
"To mitigate these and other risks this Black Friday, organisations should:
• Implement comprehensive training programs to help employees identify and report potential attacks
• Enforce strong password policies, including a minimum character requirement, recommend multi-factor authentication (MFA), and regular password changes
• Implement effective and proportional controls to manage organisational data and information, such as regular installation of updates and patches for the software in your organisation, data protection and effective access management."