🎯Your biz is a target this Black Friday🎯

It's OK to be a little paranoid this time of year

This is a special edition of the newsletter, to warn you about the dangers that come with Black Friday and Cyber Monday.

Consumers are not the only ones who can get scammed and robbed during Black Friday and Cyber Monday - small businesses can suffer the same fate, if they’re not careful. As a small business owner, the end of November usually means more work - website traffic is up, transaction volume is up - business is good.

But it can get messy:

  • Plenty of people will be asking for refunds

  • Some will be returning their parcels

  • Your website, or other assets, might struggle to keep up with the demand, forcing you to hastily introduce new services

You can be damn sure hackers are paying attention and looking for an opportunity to drop some malware onto your systems.

Here’s how they will try to do it:

They will send phishing emails with fake refund requests 

If your business allows customers to get refunded for a service they weren’t satisfied with, be very careful with incoming requests over the next couple of weeks. You could be sending money to fraudsters. Just make sure to double-check the email address from which the requests are coming, and scrutinize every message.

[Image: what your average phishing email looks like]

They will send phishing emails with fake parcel returns 

If you are in retail and send parcels to people’s doorsteps, you most likely get a return request or two, here or there. Here is how crooks exploit it: They send an email claiming a parcel could not be delivered and thus needs to be returned. The email often warns the recipient that they only have a few hours to react, otherwise the parcel will somehow be gone for good. 

Requesting urgent reaction is almost always a red flag and a sign of possible fraud

Usually, these emails ask the recipient to submit additional contact information so that the parcel can be returned, and offer a link where that can be submitted.

DO NOT OPEN THE LINKS IN THE EMAIL.

If you absolutely must click a link, at least hover your mouse over it for a few moments and look at the address that shows in the bottom left corner of your browser. If it’s a random string of letters and numbers - it’s almost certainly a fraud attempt.

Hovering over the “Continue” button shows a Google Translate link? SUSPICIOUS AF

Furthermore, if you click on the weird-looking link and it redirects you to a familiar-looking page (for example, your Microsoft 365 login page, your Gmail login page, or something similar), you can be absolutely positive that any login data you enter will go to a hacker somewhere across the pond.

They will look for flaws in recently introduced software

When small businesses rush to adopt new software or services during sales events like Black Friday, they often prioritize cost savings over thorough vetting of the products. As a result, they may overlook critical security features or vulnerabilities.

I’ve seen businesses buying discounted point-of-sale (POS) software without robust encryption protocols, failing to meet compliance standards for handling sensitive customer data. Just look at what happened to StartRite recently:

“The information stolen includes full names - as seen on credit and debit cards - postal addresses to which the cards are registered, card numbers, expiry dates, and the CVV numbers. In other words - whoever took this information has everything they need to make online card purchases, commit wire fraud, identity theft, and more.”

I’m not saying they purchased faulty POS software, but someone evidently found a way to install a skimmer on their website. I bet my arm and my leg that many of the people who were forced to change their credit cards will never buy from these folks again.

Be careful!

Black Friday and Cyber Monday can be an amazing opportunity for awesome profits, or they can be a nightmare that ruins your business. 

Which one happens depends on how reckless you are. But one thing is for certain - threat actors are out there looking for you.