And cybersecurity experts are urging caution, because the consumer frenzy to catch the best deals is also creating a conducive environment for cyber criminals to strike.
Black Friday is the day after Thanksgiving Day in the US, when most stores offer huge discounts and people kick off their Christmas shopping. Cyber Monday is the Monday after Thanksgiving when ecommerce companies offer big deals.
“Global online shopping events have seen increased participation from India,” said Sundar Balasubramanian, managing director for India & Saarc at Check Point Software, an American-Israeli IT security company. These include not just Black Friday and Cyber Monday shopping events featured on global websites like Amazon, but also of local ecommerce players like Myntra, Tata Cliq Luxury and Chroma that too have offered impressive deals for customers this year, he added.
“Last year, around Black Friday, we saw a 178% increase in malicious web stores globally; therefore we urge shoppers to be on high alert for online scams this Black Friday,” Balasubramanian said.
Open your Instagram or try browsing any website, and chances are that you will be bombarded by ads from various brands about their Black Friday sale. In India, popular brands like Marks & Spencer and H&M, as well as direct-to-consumer brands such as Nestasia and BlissClub have been advertising their Black Friday deals all week.
Discover the stories of your interest
Typically, the holiday season is prime time for a range of cybercrimes. Based on the eCrime Index of American cybersecurity company CrowdStrike, adversary activity is at its highest during the holiday period, with actors trying to leverage phishing campaigns, opportunistic scams, payment-system attacks and disruptive operations in the form of data theft, ransomware campaigns or extortion for financial gain.
Consumers should be extra alert as to what links they click on and how they end up on a specific website, especially if it’s a brand they aren’t familiar with. While it’s hard to estimate how many Indian brands were likely to have their websites spoofed, companies said Black Friday scams were fast becoming a global phenomenon at different levels of cybercrimes and cautioned consumers about deals that would seem too good to be true.
“During the holiday season, increased online commerce and a general distraction as people focus on end-of-year activities create a ripe environment for e-criminals,” said Adam Meyers, senior vice president of intelligence at CrowdStrike.
CrowdStrike’s Global Security Attitude Survey 2021 had found the problem of identity-centric compromises (password/credential thefts) as one of the prominent security concerns for respondents from India, with 49% saying they were worried about identity and credential theft. E-crime accounted for 33% of the interactive intrusion activity in the Asia Pacific-Japan region, with retail being one of the top five impacted industries.
Researchers at CloudSEK have observed a series of threats and potentially malicious campaigns ahead of Black Friday 2022. These range from impersonation of legitimate websites to the spread of malicious applications. “The iconic Black Friday sale has become a global theme now where cybercriminals at every level and expertise try their best to launch malicious campaigns. Most of these campaigns misuse or impersonate popular brands and companies providing sales and services to cheat the public,” said Rishika Desai, a cyber threat researcher at CloudSEK.
Security companies advise consumers to be extra cautious about where they share their credentials and make payments, and to steer clear of anything that seems suspicious.