There is an issue with your package delivery. Click on a dubious link and lose lots of money this festive season!

Jacqueline Jayne, Security Awareness Advocate, KnowBe4

As we approach Black Friday and Cyber Monday, retailers have their cards on the table for us all to see; their sales headlines are coming thick and fast — and so are the phishing ads from the scammers.

Be on the lookout for all incoming communications such as text messages (smishing), voice messages (vishing) and emails, as each one could be a well-designed scam; it is here that you will find most scams.

Other notifications to be wary of: without addressing you by name, these messages will describe some urgent problem:

    • We were unable to deliver your parcel. Click here to confirm delivery details << nasty link here >>
    • We attempted to deliver your parcel and you weren’t home. Click here to organize another delivery time << nasty link here >>
    • There is an issue with your order from << vendor name >>. Click here to fix the issue and avoid delays << nasty link here >>
    • Your order for << insert product >> for $250 has been cancelled. Click here to confirm your refund << nasty link here >>

Additionally, ’tis the season for fake charity donation requests: be wary of any message or ad soliciting donations with heartwarming stories. Also, if you are asked to pay for an online purchase using a gift card, it is more than likely a scam.

Tips to stay safe online

    1. Only buy on official websites from authorized sellers or reputable sources, especially for high value items. Ignore anything that comes to you via email, SMS or a pop-up ad.
    2. There will be an increase in emails, notifications and pop-up ads with amazing deals, all asking you to CLICK on something or OPEN something to access the deal. Unfortunately, many of these will be fakes and scams, so pay close attention and do not click!
    3. Use a reputable and widely-offered third-party payment service that offers users an extra layer of protection. Consider getting yourself a gift credit card or a separate credit card restricted only for online transactions.
    4. Scammers lurk on popular messaging platforms and offer a better or faster deal if bank transfer payments are made directly to them — beware.
    5. Do not use free public Wi-Fi for any transaction involving payments. If you must, get a VPN service to make the public Wi-Fi connection more private while you are online.
    6. Be aware of parcel delivery scams via email and SMS. Always go to the official website to track parcels.
    7. Make sure you are not reusing your passwords and login details for various shopping websites. Using the same email address is fine – however, do not ever use the same set of passwords. If there are too many to remember, you can store a list in a secure place, or get yourself a password manager tool to manage all your passwords.

Best cyber practices for retailers

Should a retailer become the victim of a successful cyberattack, the consequences go beyond the financial impact and brand damage to include loss of customer trust and regulatory penalties. Retailers really need to take steps to protect their systems and customers.

    1. Patch your software and check that your networks are protected from vulnerabilities.
    2. Take your employees through security awareness training to avoid falling for scams and social engineering attacks in both their personal and professional lives.
    3. Make sure all your employees know what to expect in relation to paying invoices or transferring money. If they do not understand what a Business Email Compromise (BEC) is, the chance of them falling for one is very high.
    4. Educate your customers on precautions and suspicious signs to watch out for. Have a page on your website dedicated to communicating expediently with customers on any scams that have been reported.
    5. Use social media to keep customers up to date with scams and educate them about online safety. For physical retailers, the same education and help channels also need to be accessible.

Just remember that the same safety protocols apply every year, all year round.