General 3min de Leitura - 18 de September de 2020

How to identify and prevent virtual threats in times of Black Friday

This post is also available in: Português English Español

R$ 3.67 billion. This is the amount predicted by the National Confederation of Trade in Goods, Services and Tourism (CNC) to be handled on the next Black Friday, which in 2019 will be on November 29th – the day varies, always falling on the last Friday of November. The name has become known in recent years as it is a period in which companies around the world offer super attractive discounts on their products and services. In Brazil, it is already the fifth most important date for retail trade. It only loses for Christmas, Mother’s Day, Children’s Day and Father’s Day, surpassing Valentine’s Day.

It is exactly because of the size achieved that Black Friday has demanded more and more attention from consumers. It is not uncommon to find cases of traps and deceptive offers, in which several fraudsters take advantage to deceive people in search of very low prices. This goes beyond discounts that theoretically reach 80% or even 90%. Crackers use fake websites and emails to spread malicious software, which allows them to break into computers and entire systems. The goal? Take possession of bank details and sensitive information, including ransomware – the installation of malware that makes data hijacking feasible. Thus, a given system is hacked and a password is required to allow access to the files. Such password is provided by crackers only upon payment. Research indicates that more than 40% of small and medium-sized businesses have already suffered this type of attack. After all, machines connected to a corporate network are much more attractive in these cases.

Means of ensuring security

There are so many dangers brought by Black Friday that the Brazilian Chamber of Electronic Commerce ( created the Black Friday Legal Seal. It identifies the companies that adhered to the institution’s Code of Ethics, committing themselves to the good practices of e-commerce, and were approved in the entity’s evaluation process. To receive the Black Friday Legal Seal, the online store needs to be associated with or the e-MPE Movement, in the case of micro and small companies. Who is certified with the seal guarantees a differentiated level of security to those who choose to make purchases during the period – remembering that not only individuals make purchases on Black Friday, but also companies through their respective purchasing sectors.

There are several other precautions that must be taken when making a purchase, in addition to searching for safe and reliable websites. You should always conduct surveys with information about the reputation of the store where you intend to buy, taking care of fraudulent e-mails and websites. It is recommended to go directly to the company’s website and avoid dubious links sent by email. They are the gateway to invasions; just one click to free access to crackers – even without the slightest intention to do so. It is also necessary to search the website for basic information about the supplier, such as company name, CNPJ, physical and electronic addresses, telephone and other information that makes it possible to make contact and find the location. Still, keep all purchase records, such as confirmation emails and location codes. Even more: check if the company’s website has secure connections to protect your data. In this sense, a tip is to identify the presence of HTTPS and an activated padlock in the left corner of the browser’s address bar at the beginning of the email address. Secure websites often feature these items. It is also essential to check payment security certificates in bank transactions with the company, avoiding providing bank details to sites that do not have these security items.

Avoid impulse purchases

The entire context surrounding Black Friday is directly linked to impulse buying, the one in which the consumer was so attracted by the theoretically gigantic discounts that he neglects the search for security in the transaction. For this reason, the term “Black Fraud” has already become famous with offers where “everything is half the double”. These are ads where the price practiced for months is increased, and then announce a mega discount that is very close to the original value. In practice, the “unmissable opportunity” may represent less than 10% reductions in the advertised offer. Although it does not generate a risk to the integrity of the applications, it brings a bad name to the concept of Black Friday, facilitating the search for alternatives where the consumer, already frustrated, ends up not complying with security requirements. That is, one problem ends up leading to a bigger one.

Reflections of Black Friday for corporate environments

Recent research shows that a very significant part of people end up using the resources available in the workplace to search for products and complete purchases in times of Black Friday. For this reason, technology professionals must raise their attention and strengthen controls that avoid the compromise of the corporate network, motivated by the improper use of company resources. All actions used during Black Friday to try to commit users to purchases, such as phishing, malicious websites, malware of various types, can generate highly harmful impacts to the corporate structure, culminating in financial losses and the image of the business.

For reasons like these, there are companies that specialize in providing security and agility in the management of your business’ digital assets – such as OSTEC. Visit the website and find out the solutions that will help keep your company’s results safe.

This post is also available in: Português English Español