
Staying Safe on Black Friday

This year’s Black Friday is expected to smash all previous records, with consumers set to spend an estimated $29 billion online over Thanksgiving weekend. All that money means cybercriminals will be busier than ever deploying malware to target both you and the online retailers you trust. Some hackers, like the ones who struck Macy’s last month, attack merchants’ websites directly. Many more scams, however, are designed to lure you away from legitimate sellers and steer you toward malicious sites or apps that often spoof familiar retailers like Amazon, Best Buy or Walmart.

For example, RiskIQ, a security company, said its research identified almost 1,000 malicious apps using holiday-related terms, and over 6,000 apps using names and slogans from popular retailers to reel in unsuspecting victims. RiskIQ also said it found 65 malicious websites posing as popular retailers in an attempt to fool you into giving up your personal information.

Here’s how you can stay safe…

Look Out for Phishing

In a phishing scheme, the victim receives an email or text message directing them to enter payment information or other personal details on a fraudulent website, which is often designed to look just like a legitimate site. 

According to cybersecurity company McAfee, over a third of all Americans have fallen victim to phishing schemes in the last year.

A recent survey by cybersecurity company McAfee reports that 41% of Americans fell victim to email phishing schemes in 2019. Unsurprisingly, a similar number — 39% — reported that they don’t check email senders or retailer websites for authenticity. 

To top it all off, 30% of respondents reported losses of $500 or more in the last year alone.

If the data from RiskIQ is any indication, expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target or other large retailers over the next few months. If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else.

Other ways to identify a phishing email, according to the Federal Trade Commission and StaySafeOnline.org, include:

  • The sender’s email address looks almost right but contains extra characters or misspellings.
  • Misspellings and/or bad grammar either in the subject line or anywhere in the message.
  • Addresses you with generic terms (“Mr.” or “Ms.” or “Dear Customer”) instead of by name.
  • The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
  • The messages promise a refund, coupons or other freebies.

Protect Your Credit Card Information

Tim Mackey, principal security strategist for Synopsys, a digital security company, warns, “There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.'”

Mackey suggests a few strategies consumers can use to protect themselves:

  • Don’t save your credit card information on retail sites.
  • If possible use a third-party payment method like Apple Pay, Google Wallet or PayPal.
  • Enable purchase alerts on all your credit cards.
  • Disable international purchases on all credit cards.
  • Only make purchases from your home or cellular network, never on public Wi-Fi where your payment could be intercepted.

Used with the permission of CNET.

Securing Electronic Devices While Traveling

Travel Tips from the Department of Homeland Security

Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.

With the holiday season approaching, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be mindful of the security risks associated with traveling with PEDs. CISA encourages travelers to take the following steps to protect their personal information:

  • Avoid using public Wi-Fi networks to conduct personal business. Open Wi-Fi networks at places such as airports present an opportunity for attackers to intercept sensitive information.
  • Turn off Bluetooth when not in use. Cyber criminals have the capability to pair with your device’s open Bluetooth connection and steal personal information.
  • Be cautious when charging. Avoid connecting your device to any computer or charging station that you do not control, such as a charging station at an airport terminal.
  • Remember physical security. Do not leave your device unattended in public or easily accessible areas.

Check out CISA’s Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices for more information and tips.

Impersonation Phishing Tips

Over the last month, Technology Services has seen a jump in the number of impersonation phishing attacks in our district. The attacker will impersonate a building administrator or someone from the ESC.

What to look for:

  • A fake, personal, or non-work email. Emails from administrators should always be from their USD 497 email address. Attackers often use the administrator’s name but a fake Gmail account.
  • Too busy to talk… Attackers will often include language in the email like “I am in a meeting right now” to get victims to respond to the email.
  • Asking for money, gift cards, or cryptocurrency. A common trend is emails asking for staff to go out and buy gift cards.

Other Tips

  • Look out for impersonal greetings. Phishing emails often address emails to “Dear Customer” or “Employee” rather than your name.
  • Pay attention to the grammar. Read the email carefully, don’t just skim it. Many phishing attacks come from other countries, so these emails are often written by non-native English speakers.

See it? Say! Report phishing emails to security@usd497.org.
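
For mail administrators, the indicators listed above can be turned into a simple triage check. The following is an added example, not part of the original newsletter or any district tooling; the administrator name, the keyword lists and the sample messages are constructed assumptions, and the organisation domain is taken from the reporting address above.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "usd497.org"        # domain of the reporting address on this page
ADMIN_NAMES = {"pat example"}    # hypothetical administrator display name
PRESSURE = ("in a meeting", "immediate action")
PAYMENT = ("gift card", "cryptocurrency")
GENERIC = ("dear customer", "dear employee")

def phishing_flags(raw: str) -> list[str]:
    """Return the indicators from the lists above that a raw message trips."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    flags = []
    # An administrator's name on an address outside the organisation's domain.
    if name.strip().lower() in ADMIN_NAMES and domain != ORG_DOMAIN:
        flags.append("admin-name-external-address")
    # A domain that looks almost right but has extra or changed characters.
    similar = SequenceMatcher(None, domain, ORG_DOMAIN).ratio() >= 0.8
    if domain != ORG_DOMAIN and similar:
        flags.append("lookalike-domain")
    if any(p in body for p in PRESSURE):
        flags.append("pressure-language")
    if any(p in body for p in PAYMENT):
        flags.append("payment-request")
    if any(body.lstrip().startswith(g) for g in GENERIC):
        flags.append("generic-greeting")
    return flags

# Constructed sample messages (not real mail).
IMPERSONATION = (
    "From: Pat Example <pat.example.principal@gmail.com>\n"
    "To: staff@usd497.org\nSubject: Quick favor\n\n"
    "Dear Employee,\nI am in a meeting right now. "
    "Please buy four gift cards and email me the codes.\n"
)
LOOKALIKE = (
    "From: Pat Example <pat.example@usd-497.org>\n"
    "To: staff@usd497.org\nSubject: Schedule\n\n"
    "Hi Jordan, please see the attached schedule.\n"
)
LEGIT = (
    "From: Pat Example <pat.example@usd497.org>\n"
    "To: staff@usd497.org\nSubject: Staff meeting\n\n"
    "Hi Jordan, the staff meeting moved to 3 pm.\n"
)
```

An empty result only means none of these listed indicators fired; it does not show that a message is genuine.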
