The internet’s biggest shopping days fortify retailers and customers.
In 2017, Black Friday (November 24) and Cyber Monday (November 27) are eagerly anticipated by shoppers, retailers and cybercriminals. Pre-internet, Black Friday was merely the start of the US Christmas shopping season on the day after Thanksgiving. Online retailers globally adopted Black Friday promotions and sales from the turn of the millennium.
In 2005 came the first Cyber Monday, with the coining of the term and backing from US retail marketeers, three days after Black Friday, driven by US shoppers shopping online for cheaper deals on the goods they’d seen in shops over Black Friday weekend. Again, where the US led, the world followed and Cyber Monday boomed.
In 2016, Cyber Monday was the biggest single online shopping day ever in the US, with sales totalling $3.45bn (£2.64bn), a rise of 12 per cent on the 2015 total, according to research published by Adobe Digital Insights. A survey by PWC found 27 per cent of UK adults intending to shop online over Black Friday-Cyber Monday in 2016, with an average spend of £203, twice that of 2015, pushing a four-day total to £2.9bn.
Retailers monitor threats using the latest machine-learning technologies to hunt threats and monitor for unusual activity
(The largest online shopping day globally is November 11, because it’s Singles Day in China. Young, unmarried Chinese celebrate their romantic and economic freedom. On Singles Day 2016, Alibaba, the Chinese commerce giant, enjoyed sales of £14bn.)
But as more people flock online to spend billions, retailers must ensure their websites and apps are secure, using the latest cybersecurity methods, and that customers are aware of potential scams.
“Cybercriminals keep an eye on top sales as closely as shoppers do,” says Nick Shaw, vice president and general manager, EMEA of Norton, a digital security company. Shaw explains that there are a number of potential threats to shoppers online. Primarily, phishing scams can be used to trick people into parting with their money.
For instance, it’s possible for criminals to look at the most popular products and create fake adverts, which are sent from false but genuine-looking email addresses. When consumers click through the adverts to buy the products, their financial details can be stolen and then used across the web.
There are other risks. “A common method that scammers use around Black Friday is search engine infiltration,” says Shaw. This is when malicious adverts appear in search results. “When visited, these sites will either try to trick people into purchasing goods which are fake or do not ever arrive, or will download malicious software to a device.”
These pitfalls are echoed by Dr Jamie Graves, the CEO of startup ZoneFox. “With modern retail, it’s easy to forget how much of our personal data we hand over through online shopping, digital marketing initiatives, and loyalty schemes,” he says. For consumers the advice is to use strong passwords and have “a healthy dose of scepticism” when deals look too good to be true.
“Any badly written Black Friday emails or those that ask customers to open attachments should be instantly reported as spam,” Graves says. If customers see a deal in an email it can be safer to visit the website by searching organically, rather than clicking a link in the message.
While these risks exist for consumers, retailers are well protected against cyberattacks. The biggest known cyberattack on online retailers came in 2000, when Michael Calce, a 15-year-old hacker known as MafiaBoy, launched a series of attacks against some of the biggest websites at the time including the retailers Amazon, Buy.com, and eBay. His goal, which he achieved, was to shut down the sites rather than benefit financially. Retailers nevertheless ramped up their defences and have remained relatively secure since.
However, cyberattacks against large non-retail websites haven’t been as prominent as those against Equifax, Yahoo, and Adobe. A recent report from law firm RPC says that cyberattacks against the retail industry in the UK doubled from 2015/2016 to 2016/2017. Cybercriminals follow the money: in 2016, Tesco Bank was hacked and £2.5m of customer money was stolen from around 20,000 accounts. Also in 2016, US retailer Home Depot was forced to repay $19.5 million to its customers after more than 50 million credit cards were compromised.
Cybersecurity analysis firm UpGuard conducted research on leading UK retailers’ websites in 2016 and found Waitrose, Tesco, Debenhams and Topshop performed poorly compared with other shops. The analysis of the websites was based on publicly available information and none of the websites had specifically been hacked. To help retailers improve their website security, the British Retail Consortium has also released a cybersecurity toolkit that provides practical tips for businesses. These include assessing what the damage could be by conducting scans to discover vulnerabilities and creating plans in case the worst happens.
Jamie Graves says that as retailers see increases in traffic around Black Friday-Cyber Monday, they are ready for potential cyberattacks. “By knowing that there will be spikes in customer activity, online retailers can proactively monitor for threats from cybercriminals looking to capitalise on the shopping surge,” he says. “This can be done by using the latest technologies with machine-learning capabilities to hunt threats and monitor for unusual activity”.
Matt Burgess is a staff writer at Wired and the author of Freedom of Information For Journalists (Routledge, 2015).