Cybersecurity on Black Friday 2024: Protect your business and data.

Black Friday is one of the most anticipated dates for retailers, marked by attractive discounts and an exponential increase in purchasing volume. However, while consumers seek to take advantage of the best deals available, cybercriminals see this date as a valuable opportunity to exploit vulnerabilities and carry out digital attacks.

For this reason, it's crucial that companies establish protocols and security measures to protect themselves from these actions during this period. This way, they can protect the customer and ensure that no issues arise due to a lack of cybersecurity.

Why is Black Friday a target for cybercriminals?

During Black Friday, traffic on e-commerce sites increases significantly, creating vulnerabilities that can be exploited. This high concentration of digital activity attracts cybercriminals, who are interested in disrupting services, stealing sensitive data, or carrying out scams.

Consumer behavior plays a key role in increasing risks. The search for unmissable deals leads people to neglect online security, potentially clicking on suspicious links or accessing websites without verifying their authenticity.

Furthermore, during Black Friday, the use of mobile devices for shopping increases, expanding the attack surface. A report by Appreach revealed that 72% of all sales traffic in the country is conducted via smartphones during this period. However, while tablets and smartphones are quite convenient, they often lack the necessary protections, making them attractive targets for malware and other types of threats.

The exponential growth in online transactions

As mentioned earlier, retail sales increase significantly during Black Friday. According to a survey conducted by Opinion Box, 55% of consumers already plan to purchase something on Black Friday, while 35% are undecided. Furthermore, the survey revealed that online sales are expected to increase by 10% during this period.

It's important to remember that Black Friday brings together a massive amount of sensitive data, such as payment information, personal details, and purchasing preferences. Cybercriminals use this information to carry out targeted attacks, such as identity theft and financial fraud, which can cause immense losses to consumers and businesses.

Among the most exploited vulnerabilities during this period are outdated systems and insecure connections. Cybercriminals can intercept transactions on public Wi-Fi networks, capturing sensitive data provided by consumers.

To avoid this problem, companies need to implement end-to-end encryption. Information protection is crucial to maintaining consumer trust and brand integrity.

Sales data and digital vulnerabilities

During Black Friday, the sheer volume of transactions creates a rich environment for cybercriminals, who seek to exploit vulnerabilities in payment systems and data storage. According to data from ClearSale, losses from Black Friday fraud exceeded R$10 million in 2023. Credit card numbers, purchasing preferences, and personal addresses become valuable targets, potentially being used for financial fraud or resold on the dark web.

Furthermore, transactions made through Pix have also increased. A survey conducted by Fiserv revealed a 131% increase in 2023 compared to the 2022 Black Friday, a figure that could be even higher in 2024.

Cybercriminals use advanced strategies to intercept and manipulate this data. Common methods include Man-in-the-Middle attacks, which capture information during transmission, and exploiting unprotected servers. Websites that lack SSL certificates are particularly vulnerable and can expose consumers to significant risks.

Investing in robust security technologies, such as end-to-end encryption, minimizes vulnerabilities. Consumer awareness is also essential: it is recommended to avoid purchases from sites without proven security and to keep devices up to date to reduce risks.

The rush and the impact on security

The rush to make transactions and take advantage of Black Friday deals is one of the factors that most compromises consumers' digital security. The fear of missing out on limited promotions leads users to act impulsively, clicking on links without verifying their authenticity. This rush is exactly what cybercriminals need to carry out their scams.

For this reason, cybercriminals create fake pages, misleading ads, and fraudulent media that impersonate major brands or legitimate offers. According to a study by Redbelt Security, cybercriminals create more than 100 fake pages daily to trick consumers into making purchases.

A recent survey by the DataSenado Institute showed that digital scams affected 24% of Brazilians over the age of 16 last year. This means that more than 40.85 million people suffered financial losses due to cybercrimes, such as internet fraud, account hacking, or card cloning.

Furthermore, it's important for both businesses and consumers to remain vigilant. Organizations can invest in awareness campaigns to warn about the dangers of fake websites and suspicious links. Consumers, in turn, can protect themselves by adopting simple practices, such as avoiding clicking on unknown links and verifying the URL.

Main Black Friday Threats

Black Friday is one of the busiest periods for both physical and digital commerce, but it's also a fertile ground for cybercriminals. During this event, they take advantage of the increased transaction volume and reduced vigilance to launch large-scale and more sophisticated attacks.

Among the most common threats is phishing, an attack in which fake media or messages are distributed simulating promotions from trusted stores. To cause temporary downtime and operational losses, cybercriminals also frequently carry out DDoS attacks, deliberately overloading websites, especially during peak periods like Black Friday, when users are more prone to rash actions.

Malware disguised as shopping apps or software updates is another potential threat, as it can steal users' personal and financial information. Furthermore, as mentioned previously, creating fake websites that mimic legitimate business pages is also very dangerous. These sites trick unsuspecting consumers and capture financial and personal data.

  • Phishing and fraudulent emails

Phishing is one of the most common cyberthreats during Black Friday, exploiting consumers' inattention and rush to find deals. The Thales Global Data Threat Report (DTR) 2024 showed that cyberattacks continue to grow exponentially, with phishing responsible for 32% of criminal activity.

In this type of attack, cybercriminals send fake emails or messages pretending to be trusted stores and promising unmissable deals, forcing consumers to provide valuable information.

These emails often create a sense of urgency, prompting consumers to act without verifying their authenticity. For this reason, many phishing emails may come with phrases like "Last Chance" or "Promotion valid for a few hours."

To protect yourself, you need to carefully check the sender's address and avoid clicking links or downloading attachments from unsolicited messages. Companies can reduce their customers' exposure to these attacks through educational campaigns and technologies like anti-phishing filters.

How to identify suspicious messages?

Phishing emails, while sophisticated, still share common characteristics that help identify them. Frequent grammatical or spelling errors can be a dead giveaway, as many of these messages are automatically translated or created without due attention to detail. The links contained in these fake emails are suspicious, using URLs that mimic legitimate websites but with minor changes, such as different domains or character changes.

Requests for personal information are another common feature, and urgent messages, as mentioned previously, create psychological pressure to get the recipient to act quickly, without verifying the authenticity of the content.

To avoid harm, consumers should avoid clicking on suspicious links, hover the cursor over the address to verify that it is a real link, or access the store's website directly through the browser.

  • DDoS attacks and service interruptions

During Black Friday, distributed denial-of-service (DDoS) attacks pose a recurring and particularly destructive threat. Netscout Systems published the 2024.1 DDoS Threat Intelligence Report, with data from the first half of 2024. According to the report, there was a significant 43% increase in application-level attacks and a 30% increase in volumetric attacks, with Europe and the Middle East being the most affected regions.

To carry out these attacks, criminals use networks of compromised devices, known as botnets, which consist of machines infected with malware and controlled remotely. Hackers exploit personal computers, servers, and Internet of Things (IoT) devices, such as security cameras, routers, and smart home appliances, to generate attack traffic.

A DDoS attack begins with the creation of a botnet, where the attacker controls a large number of bots (infected devices) and then instructs these devices to send simultaneous requests to the victim's server or network. The goal is to flood the system with excessive traffic, which can result in crashes, rendering the website or service inaccessible. The fact that each bot is a legitimate device makes attack identification and mitigation more complex, as malicious traffic blends in with legitimate traffic, making it difficult to distinguish between the two.

The impact of a DDoS attack during Black Friday is particularly severe, as this online shopping period already generates an exponential increase in consumer traffic. Servers, already overloaded due to the volume of accesses and transactions, become even more vulnerable to these attacks, resulting in system outages, transaction interruptions, and loss of access to websites. For businesses, the damage is not limited to lost revenue during the shutdown.

Consumer trust directly impacts a company's image. Consumers who experience difficulties accessing websites miss out on purchasing opportunities, which can lead to frustration and even distrust in the company's ability to guarantee a safe and efficient service.

Beyond the direct financial loss, companies also face challenges in restoring their market image. Perceived inefficiency or lack of security can have a lasting impact on customer loyalty and brand reputation. Typical signs of a DDoS attack, such as an unexplained increase in traffic at unusual times or a sudden spike in requests to the same page, require detailed investigation and the use of data analysis tools to distinguish between an attack and a legitimate traffic spike. This complexity makes defending against DDoS attacks a constant challenge for companies, which must be prepared to quickly identify and mitigate these threats during peak demand periods, such as Black Friday.
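
The traffic analysis described above can be sketched as follows. This is an added example, not code from the article or from any report it cites: it buckets access-log lines per page and minute, flags buckets far above that page's earlier median, and reports how the requests are spread across clients. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client, timestamp (to the minute), method, target.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]*\] "(\S+) (\S+)')


def parse(lines):
    """Yield (minute, client_ip, path) for each well-formed log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, stamp, _method, target = m.groups()
            minute = datetime.strptime(stamp, "%d/%b/%Y:%H:%M")
            yield minute, ip, target.split("?", 1)[0]


def find_spikes(lines, factor=5.0, min_requests=100, heavy_client=20):
    """Flag (path, minute) buckets far above that path's earlier median.

    All three thresholds are assumed starting points, to be tuned per site.
    """
    hits = defaultdict(Counter)      # path -> Counter(minute)
    clients = defaultdict(Counter)   # (path, minute) -> Counter(client_ip)
    for minute, ip, path in parse(lines):
        hits[path][minute] += 1
        clients[(path, minute)][ip] += 1

    spikes = []
    for path, by_minute in hits.items():
        minutes = sorted(by_minute)
        for i, minute in enumerate(minutes):
            earlier = [by_minute[m] for m in minutes[:i]]
            baseline = median(earlier) if earlier else 0
            count = by_minute[minute]
            if count < min_requests or count <= factor * max(baseline, 1):
                continue
            per_ip = clients[(path, minute)]
            top_hits = per_ip.most_common(1)[0][1]
            spikes.append({
                "path": path,
                "minute": minute.strftime("%H:%M"),
                "requests": count,
                "baseline": baseline,
                "distinct_clients": len(per_ip),
                "top_client_share": round(top_hits / count, 2),
                # Few sources sending many requests each is "concentrated";
                # many sources sending one or two each is "dispersed".
                "hint": "concentrated" if count / len(per_ip) >= heavy_client
                        else "dispersed",
            })
    return spikes


def sample_log():
    """Constructed traffic: five quiet minutes, then two different surges."""
    fmt = ('{ip} - - [29/Nov/2024:00:{mm:02d}:{ss:02d} -0300] '
           '"GET {path} HTTP/1.1" 200 512')
    lines = []
    for mm in range(5):
        for n in range(30):
            ip = f"198.51.100.{n + 1}"
            lines.append(fmt.format(ip=ip, mm=mm, ss=n, path="/offers"))
            lines.append(fmt.format(ip=ip, mm=mm, ss=n, path="/checkout?step=1"))
    for n in range(200):   # 200 shoppers, one request each
        lines.append(fmt.format(ip=f"198.51.100.{n + 1}", mm=5, ss=n % 60,
                                path="/offers"))
    for n in range(400):   # four sources repeating one request
        lines.append(fmt.format(ip=f"203.0.113.{n % 4 + 1}", mm=5, ss=n % 60,
                                path="/checkout?step=1"))
    return lines


if __name__ == "__main__":
    for spike in find_spikes(sample_log()):
        print(spike)
```

A "dispersed" spike is not a verdict of legitimacy, since a large botnet also produces many low-rate sources; it tells the analyst to compare the time and page with the campaign schedule before deciding.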

Impact on online shopping and business operations

Website downtime during Black Friday can have a significant financial impact on organizations. During this period, many stores generate a significant portion of their annual revenue, and when the website is down, sales opportunities are lost. There may also be additional costs, such as system repairs and attack mitigation, as well as compensation for affected customers.

Service interruptions can harm customer loyalty. Many customers' frustration at not being able to access advertised offers can lead them to abandon the company and seek out competitors. This, in addition to decreasing sales, also affects the brand's image in the long term. Customer trust is a valuable asset for companies, and it can be severely impacted by an attack of this type.

  • Malware and fake pages

While it's a recurring problem year-round, malware and fake pages can increase significantly during Black Friday. Consumers are more likely to encounter this type of scam, as cybercriminals take advantage of increased traffic and the search for discounts to spread their strategies.

By clicking on fake links or visiting fraudulent websites, consumers can download malicious software onto their devices. This malware can be used to steal information and even take control of the victim's device, facilitating further scams.

It's important to remember that these fake pages are created by cybercriminals to look identical to the original, but with the goal of collecting confidential information. These pages are often distributed through phishing emails, social media ads, or direct messages to consumers.

To combat this type of threat, it's crucial to be aware of certain warning signs. Check that the website is secure and avoid clicking suspicious links received via email or social media. Always shop from trusted and well-known websites, using security solutions to reduce the risk of infection.

In addition to checking whether the website address begins with "https" and whether a padlock appears next to the URL, also evaluate the website's appearance: spelling errors, an odd layout, or poorly organized pages could be signs of fraud.

Another tip is to check whether the website provides basic information, such as a CNPJ (Brazilian taxpayer identification number), physical address, and clear contact information, such as a functional customer service center. Preferably type the website address directly into your browser and avoid clicking on links sent via email or social media, which may lead to fake pages.

  • Credit card data fraud

As mentioned, many cyberattacks focus on obtaining consumers' personal data, and this information can be used by criminals in other frauds, such as credit card fraud. Cybercriminals use various tactics to capture this financial information, exploiting the rush and enthusiasm to take advantage of deals. With this data in hand, criminals can make fraudulent purchases, execute bank transfers, or even sell the information on underground markets.

This data can be obtained in various ways, such as through malware, phishing emails, fake websites, and even keyloggers, which are installed on computers or devices to record keystrokes. Man-in-the-Middle attacks can also be used, where cybercriminals intercept communication between the consumer and the store's website to steal the transmitted information.

To protect their financial data during Black Friday, consumers should take some security precautions. First, always check that the website you're purchasing from is legitimate and uses a secure connection. Use digital wallets or virtual cards that generate temporary credit card numbers for this type of transaction, reducing the risk of exposing your real data.

The Future of Black Friday and Cybersecurity

As we've seen throughout this article, Black Friday is an unmissable opportunity for consumers and cybercriminals looking to exploit vulnerabilities. As technology advances and online transactions become more sophisticated, new challenges for digital security emerge. Protecting information, ensuring the integrity of e-commerce platforms, and consumer safety are issues that have become even more critical, making it essential to constantly adapt, both on the part of businesses and consumers.

AI-based attacks and sophisticated malware

As security systems become more robust, cybercriminals . With technological advancements, new attack strategies are being developed, such as deepfakes and AI-based attacks. These techniques can simulate legitimate actions, deceiving consumers and security systems, requiring constant adaptation and improvement.

The automation of cyberattacks, in turn, can allow criminals to carry out large-scale fraud more quickly and effectively, challenging companies' defenses and creating a more dangerous environment for e-commerce.

The sophistication of malware also presents a significant challenge. Cybercriminals have developed clever strategies and more sophisticated malware that can be even more dangerous to users and harder to detect.

To spy, sabotage, or extort money, hackers use advanced techniques to design sophisticated malware that evades detection and causes large-scale damage. Examples include Stuxnet, which sabotaged nuclear centrifuges in Iran, and WannaCry, which spread globally using the EternalBlue vulnerability to encrypt data and demand ransoms. NotPetya, while similar to WannaCry, aimed to destroy systems, affecting companies worldwide.

For this reason, developing security strategies is tireless and intense work, seeking new ways to protect users against this type of action.

IoT Devices and Supply Chain Vulnerabilities

The growing adoption of IoT (Internet of Things) devices in corporate environments, especially during high-volume events like Black Friday, creates new opportunities for cybercriminals. These devices, such as smart thermostats and even monitoring devices, connect to the network, becoming potential access points for attacks. They often lack robust security features, which makes them vulnerable. The lack of security protocols on these devices makes it easy for cybercriminals to exploit this vulnerability to access sensitive systems and confidential data.

Furthermore, the supply chain has become an increasingly frequent target, as many companies rely on suppliers for the delivery of products and services. When this network is compromised, attackers can access sensitive information, such as customer data and internal processes, targeting products and services.

An example of this was the attack against SolarWinds, which demonstrated how a vulnerability in a single vendor can compromise the security of an entire corporate network. During high-traffic events like Black Friday, companies should ensure that their vendors implement robust cybersecurity measures.

How can your company protect itself during Black Friday?

We know that Black Friday is one of the most anticipated dates in commerce, but also one of the riskiest for digital security. The increase in online transactions and the pressure to offer unmissable discounts make businesses easy targets for cybercriminals. Therefore, companies must take measures to protect themselves and avoid losses caused by these attacks.

These measures must be implemented to ensure operations remain safe and continuous, while also avoiding financial loss and reputational damage. Below are some best practices businesses can follow to protect themselves during this period of high demand.

Investment in infrastructure and security

One of the best ways to protect your company from cyberattacks during Black Friday is by investing in a more robust security infrastructure. This involves not only implementing firewalls, DNS filters, and intrusion detection systems, but also strengthening your corporate network to handle the increased traffic.

During Black Friday, many websites experience heavy overload, which can make systems vulnerable. Therefore, it's the company's responsibility to prepare and strengthen its server and network infrastructure to support a high volume of simultaneous access.

Firewall solutions and constant monitoring

Robust firewalls are essential to create a protective barrier against external attacks. With Black Friday bringing a heightened threat of cyberattacks, companies must implement constant network monitoring to ensure protection.

Advanced security tools can be used to identify suspicious behavior and potential vulnerabilities in real time, allowing security teams to act quickly to block them. Combining firewalls, next-generation intrusion detection, and real-time monitoring is an effective strategy for detecting and preventing unauthorized access attempts and other threats.

Consumer education

While internal company security is essential, it's also necessary to invest in consumer education to prevent fraud and various types of attacks. During Black Friday, consumers are more likely to fall for scams, such as fake websites and fraudulent emails, due to their rush and eagerness to find unmissable deals. Providing clear guidance on recognizing safe websites and verifying authentic URLs is crucial, in addition to guidance on avoiding clicking on suspicious links.

Companies need to educate their customers about best security practices, such as using strong passwords and only making purchases on secure websites (https). In addition, two-factor authentication (2FA) is essential, contributing to a safer digital environment and increasing the protection of personal information.

Another key tip is to avoid using public Wi-Fi networks to improve transaction security. Many of these networks lack the necessary security features, leading to information exposure and an increased attack surface.

Implementing two-factor authentication (2FA)

Two-factor authentication is a crucial measure for protecting accounts from unauthorized access. It requires users to provide at least two different forms of identification to significantly hinder the work of cybercriminals.

This process works as follows:

  1. First layer: The first layer of multifactor security is the password, common on most platforms. However, these passwords can be vulnerable to brute-force attacks. Therefore, a password alone is not sufficient to guarantee security, especially during periods of high traffic.
  2. Second layer: An additional code acts as a second layer of security, requiring the user to provide a code to confirm their identity. This code can be sent via SMS, email, or generated by an authentication app. With a limited validity, it makes it much more difficult for cybercriminals to exploit the stolen information.
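
The two layers above, as an added example that is not part of the original article: a password check followed by a time-based one-time code of the kind an authentication app generates (TOTP, RFC 6238). The `Account` class, the PBKDF2 work factor and the one-step clock-drift allowance are assumptions for illustration; the code's limited validity comes from the 30-second time step, and each accepted step is remembered so an intercepted code cannot be used twice.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30          # validity period of one code (RFC 6238 default)
PBKDF2_ROUNDS = 200_000    # assumed work factor for the password hash


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), as authenticator apps compute it."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a stolen database resists brute force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Hypothetical account record holding both factors."""

    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.password_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_used_step = -1    # highest time step already accepted

    def login(self, password: str, code: str, unix_time: int,
              drift_steps: int = 1) -> bool:
        # First layer: the password, compared in constant time.
        supplied = hash_password(password, self.salt)
        if not hmac.compare_digest(supplied, self.password_hash):
            return False
        # Second layer: the code must match the current time step, or one
        # step either side to tolerate clock drift, and must not be reused.
        now_step = unix_time // STEP_SECONDS
        for step in range(now_step - drift_steps, now_step + drift_steps + 1):
            if step <= self.last_used_step:
                continue            # already accepted once: replay
            expected = totp(self.totp_secret, step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = step
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC 6238 test secret, not for real use
    account = Account("correct horse", b"constructed-salt", secret)
    code = totp(secret, 59)
    print(code, account.login("correct horse", code, 59))   # accepted
    print(code, account.login("correct horse", code, 59))   # replay rejected
```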

Avoid Black Friday scams

Black Friday is one of the biggest shopping days of the year, and the sheer number of tempting deals can create very dangerous vulnerabilities. According to the "Black Friday Consumer Outlook 2024" study conducted by Mercado Livre, 85% of respondents intend to shop on Black Friday, highlighting the large number of consumers who take advantage of the promotions. However, during this period, consumers are more susceptible to errors and cyber risks, making it important to adopt resources and tools that help maintain protection.

There are some security strategies that can help these consumers avoid becoming victims of fraud, as we will see below:

Website authenticity verification

Before making an online purchase, the first security measure you should take is verifying the authenticity of the page you're visiting. One way to do this is by verifying the SSL certificate, identified by the presence of "https://" in the URL and the padlock in the address bar.

Searching for reviews and feedback from other consumers is crucial, helping you verify the site's reliability and whether other purchases have been made. Fake sites often have excessively low prices, typos, and suspicious contact information, all of which are indicators that something is amiss.

On Black Friday, cybercriminals often send numerous fraudulent emails with links that redirect to fake and malicious websites. When receiving email offers, especially those with large and excessively advantageous discounts, verify the sender and be wary of messages that create a sense of urgency, such as "Last Chance" or "Limited-time offer."

To avoid falling for this type of scam, go directly to the website address in the navigation bar and don't click on links received via email. If the discount seems too good to be true, it probably is.

How to recognize fake URLs

As mentioned, cybercriminals develop fake URLs to facilitate their scams. Therefore, it's important to recognize these URLs to avoid accessing fake pages and providing personal or financial information.

Here are some tips for identifying fake URLs:

  • Check the URL: Fake websites often have slight variations compared to the official URL. A fake website may use a different domain than the original and may even contain typos, extra characters, or subtle substitutions, such as swapping the lowercase letter "l" for the number "1."
  • Suspicious domains: Domains used by fraudulent websites may share common suffixes, such as .net or .xyz. Check that the domain appears legitimate and that there are no suspicious additions to the website name. Criminals often add words like "discount" or "offer" to the domain to create a sense of urgency.
  • SSL Certificate: While the URL itself isn't a guarantee, the security padlock in your browser is a good indication that communication between your browser and the website is properly encrypted. It's important to remember that an SSL certificate doesn't guarantee that the website is trustworthy, only that the connection is secure.
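
The checks in the list above can be automated for links that arrive by email or chat. This added example is not from the original article: `examplestore.com.br` is a constructed trusted domain and the finding names are made up for illustration. Only the "1" for "l" swap and the words "discount" and "offer" come from the text; the other look-alike pairs are assumed additions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the shop's real domain (hypothetical name).
TRUSTED_DOMAINS = ("examplestore.com.br",)
# The two bait words the article names.
BAIT_WORDS = ("discount", "offer")
# "1" for "l" is the article's example; the other pairs are assumed additions.
DIGIT_LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted or replaced characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, findings) for a link before a user follows it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    if parts.username is not None:
        # In https://brand.example@other.host/ the text before "@" is not the host.
        findings.append("userinfo-in-url")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return ("suspicious" if findings else "trusted"), findings

    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        findings.append("punycode-label")       # internationalised look-alike
    for domain in trusted:
        brand = domain.split(".")[0]
        for label in labels:
            skeleton = label.translate(DIGIT_LOOKALIKES)
            if label == brand:
                # Right name, wrong suffix or someone else's parent domain.
                findings.append("brand-on-untrusted-domain")
            elif skeleton == brand:
                findings.append("digit-lookalike")
            elif brand in skeleton:
                baits = [w for w in BAIT_WORDS if w in label]
                findings.append("bait-word:" + baits[0] if baits
                                else "brand-plus-extra-text")
            elif len(brand) >= 6 and edit_distance(skeleton, brand) <= 2:
                # Short brands are skipped: too many unrelated near matches.
                findings.append("typo-of-brand")
    return ("suspicious" if findings else "unknown"), findings


if __name__ == "__main__":
    constructed_links = [
        "https://www.examplestore.com.br/black-friday",
        "https://examp1estore.com.br/login",
        "https://examplestore-discount.xyz/",
        "https://examplestore.com.br.account-check.example/",
        "https://examplestore.com.br@203.0.113.7/",
    ]
    for link in constructed_links:
        print(link, *check_url(link))
```

Four of the five constructed links use https and would show a padlock, yet are flagged, which is the list's last point: the certificate protects the connection and says nothing about who runs the site.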

Use of more secure payment methods

Choosing a payment method is also crucial for protecting your information. On Black Friday, consumers need to be mindful of their payment options to ensure their purchases are secure and protected against fraud and criminal activity.

Using more secure payment methods can help reduce the risk of data theft and keep your information confidential. Platforms like PayPal, Google Pay, and Apple Pay are popular because they offer an extra layer of protection by not directly sharing your card details with the merchant.

Virtual cards are also an excellent alternative, as they offer credit or debit cards generated for a single transaction only. These cards display a different number than your physical card, preventing criminals from making additional purchases using this information.

How to ensure a safe Black Friday

To ensure a safe Black Friday, both businesses and consumers need to adopt proactive cybersecurity. The increase in transactions and the frenetic search for great deals creates a perfect environment for cybercriminals, who implement information diversion and financial scams to deceive a large number of users.

Companies must invest in robust security infrastructure, implementing two-factor authentication and continuous monitoring systems to maintain website protection. Educating employees on how to identify cyberthreats that can affect operations and transactions is crucial.

Consumers should be informed about the importance of caution during this period. Remind them to verify website authenticity, use secure payment methods, and avoid promotional links that may be fraudulent.

The importance of a trusted digital ecosystem

Constant collaboration between businesses, governments, and consumers is essential to creating a secure digital environment, especially during high-volume events like Black Friday. Organizations need to invest in protective technologies and adopt clear security policies for their users. The government can create stricter regulations and conduct awareness campaigns to alert consumers to the risk of online fraud.

It's essential to work together to ensure everyone is prepared and protected in the digital environment not only during Black Friday, but also during all purchases. To this end, the National Consumer Secretariat (Senacon), part of the Ministry of Justice and Public Security, has prepared a guide based on the Consumer Protection Code with guidelines specifically for Black Friday.

Consumers should remain vigilant about digital security best practices, such as using strong passwords and multi-factor authentication to protect their personal and financial information. Working together can make all the difference in reducing the incidence of fraud and ensuring fewer victims during Black Friday.
