November 22, 2016
The promotional emails are cluttering the inboxes of consumers as Black Friday nears, kickstarting a holiday shopping season increasingly conducted online.
Promotion after promotion hypes all kinds of savings, sending some online shoppers into a frenzy. But they also leave hackers salivating for entirely different reasons.
Come Cyber Monday, hundreds of thousands, if not millions, of people will enter personal financial information online as they complete varying purchases. Many will be mindful to ensure they are doing so in a secure manner, but others will not. And hackers will be ready to prey.
That sets up a day that Nick Barone and other cybersecurity experts have come to call "Hacker Tuesday." It's the day the hackers begin using or selling the personal information they stole from online holiday shoppers, though some may wait weeks or even months to do so.
"Hacker Tuesday is theoretical," said Barone, director of EisnerAmper’s Cybersecurity Practice. "Some hackers will steal credit cards and use them on Tuesday. A good hacker is going to collect thousands of cards and then use and resell them out on the marketplace."
It's not necessarily a recent phenomenon either. Though retailers have marketed the first Monday after Thanksgiving as "Cyber Monday" in recent years, the day has been a busy one for online shopping for more than a decade. That's partly because it marks the last day consumers can purchase gifts without paying extra shipping costs.
Hackers not only have used it to steal payment information, but they also target personal information — addresses, phone numbers, email addresses, etc.
An estimated 137 million Americans will shop — either at a store or online — sometime over Thanksgiving weekend, according to the National Retail Federation. That number doesn't include Cyber Monday, when 36 percent of consumers say they'll shop.
There will be lots of steals — but not all of them will be the ones shoppers thought they were getting.
To help online shoppers protect their personal information, Barone offered three tips:
Many consumers incorrectly assume that corporate network security efforts are more secure than using their personal devices. In reality, Barone said, online shoppers are at similar risk if they end up visiting a web site infected with malware — software that aims to damage computers.
Many companies now hold employees liable for any risks they create through dangerous web surfing or downloading, Barone said.
"Be aware that companies today are monitoring and almost admonishing employees who infect their computers due to excessive online searching," Barone said. "Keep your time to a minimum. Do not follow re-directed links."
Before beginning an online shopping spree, Barone urged consumers to employ an antivirus update.
And if a consumer doesn't have an antivirus software installed on their device, he advised them to use a free program or take advantage of a free trial. Antivirus software offered by Avast, AVG, Avira and Kaspersky are trusted programs, Barone said.
"They're free," Barone said. "You can always uninstall them."
It can be tempting to search an array of web sites to find the cheapest price for a product. But there are various online scams posing as reputable retailers.
"If you have to look — a hard, deep search for best price - be leery that you could be going to web sites out there to steal your credit card information," Barone said.
Barone advised shoppers to stick to retailers they are familiar using. He also encouraged smartphone users to install the apps offered by known commerce web sites, like Amazon.com, noting they are typically a safe way to shop online.