Black Friday is one of the most anticipated dates for merchants, marked by attractive discounts and an exponential increase in purchasing volume. However, while consumers seek to take advantage of the best offers available, cybercriminals see this date as a valuable opportunity to exploit vulnerabilities and carry out digital attacks.
For this reason, it is essential that companies establish protocols and security measures to protect themselves from these actions during this period, safeguarding customers' experience and ensuring that no issues occur due to a lack of cybersecurity.
Why is Black Friday a target for cybercriminals?
During Black Friday, traffic on e-commerce sites grows significantly, bringing with it vulnerabilities that can be exploited. This large concentration of digital activity attracts cybercriminals, who are interested in disrupting services, stealing sensitive data or carrying out scams.
Consumer behavior plays a fundamental role in the growth of risks. The search for unmissable offers leads people to neglect online security: they may click on suspicious links or access websites without checking their veracity.
Furthermore, during Black Friday, the use of mobile devices to make purchases increases, expanding the attack surface. A report by Appreach revealed that 72% of all sales traffic in the country is carried out via smartphones during this period. However, although tablets and smartphones are very convenient, they often lack the necessary protections, making them attractive targets for malware and other types of threats.
The exponential growth in online transactions
As noted above, retail sales increase significantly during Black Friday. According to a survey carried out by Opinion Box, 55% of consumers already plan to purchase something on Black Friday, in addition to 35% of undecided consumers. Furthermore, the research revealed that there is a forecast of a 10% increase in online sales during this period.
It is important to remember that Black Friday concentrates a massive amount of confidential data, such as payment information, personal data and purchasing preferences. Cybercriminals carry out targeted attacks, such as identity theft and financial fraud, which can cause immense losses for consumers and businesses.
Among the most exploited vulnerabilities during this period are outdated systems and insecure connections. Cybercriminals can intercept transactions on public Wi-Fi networks, capturing sensitive data provided by consumers.
To avoid this problem, companies need to implement end-to-end encryption in their systems and educate their consumers about the risks involved in online shopping. Ensuring the protection of information is important to maintain consumer trust and brand integrity.
Sales data and digital vulnerabilities
During Black Friday, the huge number of transactions creates a rich target for cybercriminals looking to exploit vulnerabilities in payment and data storage. According to data provided by ClearSale, losses from Black Friday fraud exceeded R$10 million in 2023. Data such as credit card details, purchasing preferences and personal addresses become valuable targets and can be used for financial fraud or resold on the dark web.
Furthermore, transactions carried out through Pix also grew. A survey carried out by Fiserv revealed that there was an increase of 131% in 2023 compared to the 2022 edition of Black Friday, a number that could be even higher in 2024.
Cybercriminals use advanced strategies to intercept and manipulate this data. Among the most common methods are Man-in-the-Middle attacks, where information is captured during transmission, and exploitation of unprotected servers. Websites that do not have SSL certificates are especially vulnerable and can expose consumers to significant risks.
Investing in robust protection technologies, such as end-to-end encryption, minimizes vulnerabilities. Therefore, consumer awareness is essential, and it is recommended to avoid purchases on websites without proven security and keep devices up to date to reduce risks.
Haste and the impact on security
The rush to carry out transactions and take advantage of Black Friday offers is one of the factors that most compromises consumers' digital security. The fear of missing out on limited promotions makes users act impulsively, clicking on links without checking their authenticity. This rush is exactly what cybercriminals need to carry out their scams.
For this reason, cybercriminals create fake pages, misleading advertisements and fraudulent media that simulate big brands or legitimate offers. According to the study carried out by Redbelt Security, more than 100 fake pages are created daily by cybercriminals to deceive consumers during purchases.
A recent survey by the DataSenado Institute showed that digital scams affected 24% of Brazilians over the age of 16 last year. This means that more than 40.85 million people have suffered financial losses due to cybercrimes, such as internet fraud, account hacking or card cloning.
Furthermore, it is important for both companies and consumers to remain vigilant. Organizations can invest in awareness campaigns to warn about the dangers of fake websites and suspicious links. In turn, consumers can protect themselves by adopting simple practices like avoiding clicking on unknown links and checking the URL.
Main Black Friday threats
Black Friday is one of the busiest periods for commerce, both physical and digital, but it is also fertile ground for cybercriminals. During this event, they take advantage of the increase in transaction volume and reduced surveillance to launch large-scale and more sophisticated attacks.
Among the most common threats is phishing, an attack in which fake media or messages are distributed simulating promotions from trusted stores. Cybercriminals also frequently carry out DDoS attacks, purposely overloading websites to cause temporary unavailability and operational losses, especially during periods of high demand such as Black Friday, when users are more prone to hasty actions.
Malware disguised as shopping apps or software updates is another potential threat, considering it can steal users' personal and financial information. Furthermore, as mentioned earlier, creating fake websites that imitate legitimate company pages is also very dangerous. These sites deceive more inattentive consumers and capture financial and personal data.
Phishing and fraudulent emails
Phishing exploits consumers' lack of attention and rush in search of promotions. The Thales Global Data Threat Report (DTR) 2024 demonstrated that cyberattacks continue to grow exponentially, with phishing responsible for 32% of criminal actions.
In this type of attack, cybercriminals send fake emails or messages that simulate trusted stores and promise unmissable offers, tricking consumers into providing valuable data.
These emails often create a sense of urgency, prompting the consumer to take action without verifying authenticity. For this reason, many phishing emails may be accompanied by phrases such as “Last Chance” or “Promotion valid for a few hours”.
To protect yourself, you need to carefully check the sender's address and avoid accessing links or downloading attachments in unsolicited messages. Companies, in turn, can reduce their customers' exposure to these attacks through educational campaigns and technologies such as anti-phishing filters.
How to identify suspicious messages?
Phishing emails, although sophisticated, still have common characteristics that help with their identification. Frequent grammatical or spelling errors can be an indication, as many of these messages are automatically translated or created without due attention to detail. The links contained in these fake emails are suspicious, using URLs that imitate legitimate websites, but with small changes, such as different domains or changed characters.
The request for personal information is another recurring feature, since urgent messages, as mentioned previously, cause psychological pressure to make the recipient act quickly, without verifying the authenticity of the content.
To avoid suffering harm, consumers should avoid clicking on suspicious links, hover the cursor over the address to check whether it is a real link, or access the store's website directly through the browser.
DDoS attacks and service outages
During Black Friday, distributed denial of service (DDoS) attacks represent a recurring and particularly destructive threat. Netscout Systems published the DDoS Threat Intelligence Report 2024.1, with data from the first half of 2024. According to the document, there was a significant increase of 43% in application-level attacks and 30% in volumetric attacks, with emphasis on Europe and the Middle East as the most affected regions.
To carry out these attacks, criminals use networks of compromised devices, known as botnets, which consist of machines infected with malware and controlled remotely. Hackers exploit personal computers, servers, and Internet of Things (IoT) devices such as security cameras, routers, and smart home appliances to generate attack traffic.
The operation of a DDoS attack begins with the creation of a botnet, where the attacker controls a large number of bots (infected devices) and then sends instructions to these devices to send simultaneous requests to the victim's server or network. The goal is to flood the system with excessive traffic, which can result in crashes, making the website or service inaccessible. The fact that each bot is a legitimate device makes attack identification and mitigation more complex, as malicious traffic mixes with legitimate traffic, making it difficult to distinguish between the two.
The impact of a DDoS attack during Black Friday is particularly severe, as this online shopping period already generates an exponential increase in consumer traffic. Servers, already overloaded due to the volume of accesses and transactions, become even more vulnerable to these attacks, resulting in system crashes, interruptions in transactions and loss of access to websites. For companies, the damage is not limited to lost revenue during the shutdown of operations.
Consumer trust directly impacts the company's image. Consumers who face difficulties accessing websites lose the opportunity to make purchases, which can generate frustration and even distrust in relation to the company's ability to guarantee a safe and efficient service.
In addition to the direct financial loss, companies also face challenges in recovering their image in the market. Perceived inefficiency or lack of security can have a lasting impact on customer loyalty and brand reputation. Typical signs of a DDoS attack, such as an unexplained spike in traffic at unusual times or a sudden spike in requests for the same page, require detailed investigation and the use of data analysis tools to distinguish between an attack and a legitimate spike in traffic. This complexity makes defending against DDoS attacks a constant challenge for companies, which need to be prepared to quickly identify and mitigate these threats during periods of high demand, such as Black Friday.
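The "sudden spike in requests for the same page" sign can be checked over access logs, as in this added example (not part of the original article). The log format, thresholds and sample lines are assumptions constructed for illustration; the count of distinct clients is reported because a burst alone does not tell an attack from a legitimate sales peak.

```python
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample: five quiet minutes, then a burst on one page."""
    lines = []
    for minute in range(5):
        for i in range(4):
            lines.append(f"2024-11-29T03:0{minute}:{i * 10:02d}Z "
                         f"198.51.100.{i + 1} GET /offers 200")
        lines.append(f"2024-11-29T03:0{minute}:45Z 198.51.100.9 GET /cart 200")
    for i in range(60):
        lines.append(f"2024-11-29T03:05:{i:02d}Z "
                     f"203.0.113.{i % 50 + 1} GET /offers 200")
    lines.append("truncated line")  # malformed input must not break parsing
    return lines


def find_spikes(lines, factor=5.0, min_requests=20):
    """Flag (page, minute) buckets far above that page's usual rate.

    Assumed line format: "<ISO timestamp> <client ip> <method> <path> <status>".
    Minutes with no requests at all do not appear in the baseline.
    """
    requests = Counter()
    clients = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        stamp, ip, _method, path, _status = fields
        bucket = (path, stamp[:16])  # truncate timestamp to the minute
        requests[bucket] += 1
        clients[bucket].add(ip)

    history = defaultdict(list)  # per page: counts of earlier normal minutes
    spikes = []
    for path, minute in sorted(requests, key=lambda b: (b[1], b[0])):
        count = requests[(path, minute)]
        past = history[path]
        baseline = median(past) if past else None
        if baseline and count >= min_requests and count >= factor * baseline:
            spikes.append({
                "path": path,
                "minute": minute,
                "requests": count,
                "baseline": baseline,
                "distinct_clients": len(clients[(path, minute)]),
            })
        else:
            past.append(count)  # flagged minutes never inflate the baseline
    return spikes


if __name__ == "__main__":
    for spike in find_spikes(build_sample_log()):
        print(spike)
```

Each flagged bucket still needs the investigation the paragraph describes; the output only narrows down where to look.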
Impact on online shopping and business operations
Website unavailability during Black Friday can have a significant financial impact for organizations. During this period, many stores generate a large portion of their annual revenue, and when the website goes down, sales opportunities are lost. In addition, there may also be additional costs, such as system repair and attack mitigation, in addition to compensation for affected customers.
Disruption of services can harm consumer loyalty. The frustration of many customers at not being able to access advertised offers can lead them to abandon the company and look for competitors. This, in addition to reducing sales, also affects the brand's image in the long term. Customer trust is a valuable asset for companies, and can be severely impacted by an attack of this type.
Malware and fake pages
Although it is a recurring problem throughout the year, malware and fake pages can increase significantly during Black Friday. The likelihood of consumers encountering this type of scam increases considerably, as cybercriminals take advantage of the increase in traffic and the search for discounts to spread their strategies.
By clicking on fake links or visiting fraudulent websites, consumers can download malicious software onto their devices. This malware can be used to steal information and even control the victim's device, favoring the application of other scams.
It is important to remember that these fake pages are created by cybercriminals in an identical way to the original, but with the aim of collecting confidential information. These pages are often distributed through phishing emails, social media ads, or direct-to-consumer messages.
Against this type of threat, it is essential to be aware of some signs. Check that the website is safe and avoid accessing suspicious links received via email or social media. Always buy from trusted and well-known websites, using security solutions to reduce the risk of infection.
In addition to checking whether the website address starts with “https” and whether a padlock appears next to the URL, also evaluate the website's appearance: spelling errors, a strange layout or poorly organized pages could be signs of fraud.
Another tip is to check if the website offers basic information, such as CNPJ, physical address and clear means of contact, such as a functional SAC. Prefer to type the website address directly into the browser, and avoid clicking on links sent by email or social networks, which can lead to fake pages.
Credit card data fraud
As we mentioned, many cyber attacks are focused on obtaining consumers' personal data, and this information can be used by criminals in other frauds, such as credit card data fraud. Cybercriminals take advantage of the rush and enthusiasm around offers. With this data in hand, criminals can make fraudulent purchases, execute bank transfers or even sell the information on clandestine markets.
This data can be obtained in different ways, such as through malware, phishing emails, fake pages and even keyloggers, which are installed on computers or devices to record keystrokes. The Man in the Middle attack can also be used, where cybercriminals intercept communication between the consumer and the store's website to steal the transmitted information.
To protect their financial data during Black Friday, consumers should take some security precautions. First of all, always check that the website where you are making the purchase is legitimate and that it uses a secure connection. Use digital wallets or virtual cards that generate temporary credit card numbers for this type of transaction, reducing the risk of real data exposure.
The future of Black Friday and cybersecurity
As we can see throughout this article, Black Friday is an unmissable opportunity for consumers and also for cybercriminals who want to exploit vulnerabilities. As technology advances and forms of online transactions become more sophisticated, new challenges to digital security emerge. Protecting information, ensuring the integrity of e-commerce platforms and consumer safety are issues that have become even more critical, and it is essential to establish constant adaptation, both on the part of companies and consumers.
AI-based attacks and sophisticated malware
As security systems become more robust, so do cybercriminals. With the advancement of technology, new attack strategies are being developed, such as deepfakes and attacks based on Artificial Intelligence. These techniques can simulate legitimate actions, deceiving consumers and protection systems, and countering them requires constant adaptation and improvement.
The automation of cyber attacks, in turn, can allow criminals to carry out large-scale fraud more quickly and effectively, challenging companies' defenses and creating a more dangerous environment for e-commerce.
The sophistication of malware also presents a major challenge. Cybercriminals have already developed clever strategies and more sophisticated malware that can be even more dangerous to users and harder to detect.
In order to spy, sabotage or extort, hackers use advanced techniques to design sophisticated malware that evades detection and causes large-scale damage. Examples include Stuxnet, which sabotaged nuclear centrifuges in Iran, and WannaCry, which spread globally using the EternalBlue vulnerability to encrypt data and demand ransoms. NotPetya WannaCry, aimed to destroy systems, affecting companies around the world.
For this reason, developing security strategies is tireless and intense work, looking for new ways to protect users against this type of action.
IoT devices and supply chain vulnerabilities
The growing adoption of IoT (Internet of Things) devices in corporate environments, particularly during high-volume events like Black Friday, creates new opportunities for cybercriminals. These devices, such as smart thermostats and even monitoring devices, connect to the network, becoming potential access points for attacks. They often do not have good security features, making them vulnerable access points. The lack of security protocols on these devices makes it easier for cybercriminals to exploit this loophole to access sensitive systems and confidential data.
Additionally, the supply chain has become an increasingly frequent target as many companies rely on suppliers to deliver products and services. When this network is compromised, attackers can access sensitive information, such as customer data and internal processes, directing attacks at products and services.
An example of this was the attack carried out against SolarWinds, which showed how a vulnerability in a single vendor can compromise the security of an entire corporate network. During high-traffic events like Black Friday, companies must ensure their suppliers implement robust digital security measures.
How can your company protect itself during Black Friday?
We know that Black Friday is one of the most anticipated dates in commerce, but also one of the most risky for digital security. The increase in online transactions and the pressure to offer unmissable discounts make companies easy targets for cybercriminals. For this reason, the company needs to adopt measures to protect itself and avoid losses caused by these attacks.
These measures must be implemented to ensure that operations remain safe and continuous, as well as to avoid financial losses and reputational damage. Here are some best practices businesses can follow to protect themselves during this time of high demand.
Investment in infrastructure and security
One of the best ways to protect the company against cyber attacks during Black Friday is through a more robust security infrastructure. This involves not only implementing firewalls, DNS filtering and intrusion detection, but also strengthening the corporate network to handle the increase in traffic.
During Black Friday, many websites experience heavy overload, which can make systems vulnerable. In this sense, it is the company's responsibility to prepare and strengthen the server and network infrastructure to support a large volume of simultaneous access.
Firewall solutions and constant monitoring
Robust firewalls are essential to create a defensive barrier against external attacks. On Black Friday, when the threat of cyber attacks is more intense, companies need to implement constant network monitoring to ensure protection.
Advanced security tools can be used to identify suspicious behavior and potential vulnerabilities in real time, allowing security teams to act quickly to block these actions. Combining firewalls, next-generation intrusion detection, and real-time monitoring is an effective strategy for detecting and preventing unauthorized access attempts and other threats.
Consumer education
Although internal security is essential, it is also necessary to invest in consumer education to prevent fraud and attacks of various types. During Black Friday, consumers are more likely to fall for scams, such as fake websites and fraudulent emails, due to their rush and eagerness to find unmissable offers. Providing clear guidance on recognizing safe sites and verifying authentic URLs is critical, as well as guidance on avoiding clicking on suspicious links.
Companies need to inform their customers about best security practices, such as using strong passwords and only making purchases on secure websites (https). In addition, two-factor authentication (2FA) is essential, contributing to a safer digital environment and increasing the protection of personal information.
Another fundamental tip is to avoid using public Wi-Fi networks to improve transaction security. Many of these networks do not have the necessary security features, favoring the exposure of information and increasing the attack surface.
Implementing two-step authentication (2FA)
Two-step authentication is an essential measure to protect accounts from unauthorized access. It requires the user to provide at least two different forms of identification to make the work of cybercriminals more difficult.
This process works as follows:
- First layer: The first layer of multi-factor security is the password, common on most platforms. However, these passwords can be vulnerable to brute force attacks. For this reason, the password alone is not enough to guarantee security, especially in times of high traffic.
- Second layer: An additional code acts as a second layer of security, requiring the user to provide a code to confirm their identity. This code can be sent via SMS, email or generated by an authentication application. Having a limited validity, it makes it much more difficult for cybercriminals to use stolen information.
Avoid scams on Black Friday
Black Friday is one of the biggest shopping dates of the year, and the large number of tempting offers can create very dangerous vulnerabilities. According to the study “Panorama do Consumo Black Friday 2024” carried out by Mercado Livre, 85% of participants intend to buy on Black Friday, highlighting the large number of consumers who take advantage of the promotions. However, during this period, consumers are more susceptible to errors and cyber risks, making it important to adopt resources and tools that help maintain protection.
There are some security strategies that can help these consumers avoid becoming victims of fraud, as we will see below:
Website authenticity check
Before making an online purchase, the first security measure that must be adopted is to verify the authenticity of the page to be accessed. One of the ways to do this is by checking the SSL certificate, identified by the presence of “https://” in the URL and the padlock in the address bar.
Seeking reviews and feedback from other consumers is very important, helping to verify whether the site is trustworthy and whether other purchases have already been made. Fake websites often have excessively low prices, typographical errors and suspicious contact information, indicating that something is wrong.
Be careful when clicking on promotional links
On Black Friday, cybercriminals usually send many fraudulent emails with links that redirect to fake and malicious websites. When receiving offers by email, especially where the discount is large and excessively advantageous, check the sender and be wary of messages that create a sense of urgency, containing phrases such as “Last Chance” or “Offer valid for a limited time”.
To avoid falling for this type of scam, access the website address directly in the navigation bar and do not click on links received by email. If the discount seems too good to be true, it's probably a scam.
How to recognize fake URLs
As we mentioned, cybercriminals develop fake URLs to promote their scams. For this reason, it is necessary to know how to recognize these URLs to avoid accessing fake pages and providing personal or financial data.
Here are some tips for spotting fake URLs:
- Check the URL: Fake websites often have slight variations compared to the official URL. A fake website may use a different domain than the original and even have typos, extra characters or subtle substitutions, such as swapping the lowercase letter “l” for the number “1”.
- Suspicious domains: Domains used by fraudulent websites may have common suffixes, such as .net or .xyz. Check that the domain appears legitimate and that there are no suspicious additions to the site name. Oftentimes, criminals will add words like “discount” or “offer” to the domain to create a sense of urgency.
- SSL Certificate: Although the URL alone is not a guarantee, the security padlock on the browser is a good indication that communication between your browser and the website is properly encrypted. It is important to remember that an SSL certificate is not a guarantee that the website is trustworthy, only that the connection is secure.
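The URL checks from these tips, written as a filter a store's support or anti-fraud team could run over reported links. This is an added example, not from the original article; the store domain `examplestore.com.br`, the flag names and the similarity threshold are assumptions for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions for illustration only: a hypothetical store's official domains
# and the lure words the tips mention ("discount", "offer").
OFFICIAL_DOMAINS = {"examplestore.com.br", "examplestore.com"}
LURE_WORDS = ("discount", "offer")
# Digit-for-letter swaps such as "l" replaced by "1".
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def check_url(url):
    """Return a sorted list of red flags for `url`.

    An empty list means no flag was raised, not that the site is trustworthy.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = set()
    if parts.scheme != "https":
        flags.add("not-https")
    # The official domain itself, or a subdomain of it, needs no name checks.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return sorted(flags)

    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    for label in host.split("."):
        plain = label.translate(SWAPS)       # undo digit-for-letter swaps
        squeezed = plain.replace("-", "")    # ignore hyphens when matching
        for brand in brands:
            if label == brand:
                # Real name, but on a suffix or parent domain the store does not own.
                flags.add("brand-on-unofficial-domain")
            elif plain == brand:
                flags.add("character-substitution")
            elif brand in squeezed:
                extra = squeezed.replace(brand, "")
                if any(word in extra for word in LURE_WORDS):
                    flags.add("brand-plus-lure-word")
                else:
                    flags.add("brand-with-extra-characters")
            elif SequenceMatcher(None, plain, brand).ratio() >= 0.85:
                flags.add("near-miss-spelling")  # typo or dropped letter
    return sorted(flags)


if __name__ == "__main__":
    # Constructed sample links, not real sites.
    for link in ("https://www.examplestore.com.br/black-friday",
                 "https://examp1estore.com.br/",
                 "http://examplestore.xyz/",
                 "https://examplestore-discount.net/"):
        print(link, check_url(link))
```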
Using safer payment methods
Choosing your payment method is also a crucial factor in protecting your information. On Black Friday, consumers need to be aware of payment options, ensuring that their purchases are safe and protected against fraud and criminal actions.
Using more secure payment methods can help reduce the risk of data theft and keep your information confidential. Platforms like PayPal, Google Pay and Apple Pay are popular because they offer an extra layer of protection by not directly sharing your card details with the seller.
Virtual cards are also an excellent alternative, as they offer credit or debit cards generated for just one transaction. These cards have a different number from your physical card, preventing criminals from making other purchases with this information.
How to ensure a safe Black Friday
To ensure a safe Black Friday, both businesses and consumers need to adopt proactive cybersecurity measures. The growth of transactions and the frantic search for great offers create a perfect environment for cybercriminals, who implement information diversion and financial scam strategies to deceive a large number of users.
Companies must invest in robust security infrastructure, implementing two-step authentication and continuous monitoring systems to maintain website protection. Educating employees on how to identify cyber threats that can affect operations and transactions is essential.
For consumers, it is necessary to inform them about the importance of prudence during this period. Remind your consumers to check the authenticity of the website, use secure payment methods and avoid promotional links that may be fraudulent.
The importance of a trusted digital ecosystem
Constant collaboration between companies, governments and consumers is essential to create a safe digital environment, especially during high-volume transaction events such as Black Friday. Organizations need to invest in protection technologies and also adopt clear security policies for their users. The government can create stricter regulations and carry out awareness campaigns to warn consumers about the risk of online fraud.
It is necessary to work together so that everyone remains prepared and protected in the digital environment, not only during Black Friday but for all purchases made. In this sense, the National Consumer Secretariat (Senacon), of the Ministry of Justice and Public Security, prepared a guide based on the Consumer Protection Code with guidelines exclusively for Black Friday.
Consumers should remain aware of best digital security practices, such as the use of strong passwords and multi-factor authentication to protect their personal and financial information. Working together can make all the difference in reducing the incidence of fraud and ensuring the lowest number of victims during Black Friday.