According to analysts, the Black Friday shopping phenomenon has shown signs of moving online, with no repeat of last year’s chaos in some stores.
The 2014 Black Friday saw buyers fighting over bargains, websites crashing and delivery companies struggling to cope.
Black Friday, the discount day has its origins in the US, where it takes place the day after Thanksgiving, traditionally kick-starting the Christmas shopping period.
Online activity is said to be up, but expectations are for a longer period of discounts and shopping.
In the US, some retailers started offering deals early.
Macy’s said about 15,000 shoppers waited outside its Manhattan department store in readiness for its opening on Thanksgiving evening.
Amazon offered discounts in the lead up to the shopping event.
Washington-based National Retail Federation estimates that about 135.8 million Americans will shop during the four-day holiday compared with 133.7 million in 2014.
The US shopping bonanza has spread not only in Europe, but also countries such as Brazil and India.
Black Friday is still dwarfed by China’s Singles Day – the world’s biggest online shopping event. On November 11, Chinese e-commerce giant Alibaba reported sales worth 91.2 billion yuan ($14.3 billion), a 60% increase from 2014.
According to experts, cyber-thieves are preparing malware and spam campaigns in a bid to catch out retailers and shoppers during the run-up to Christmas.
One gang had updated the sophisticated malware it used to target tills in stores, security company iSight said.
There had also been an increase in spam and phishing emails crafted to catch out people seeking bargains.
Some crime groups had made fake copies of popular shopping apps in a bid to steal payment-card data.
The warnings are being given just prior to Black Friday and Cyber Monday, which bracket the weekend following the Thanksgiving holiday, when many online and offline stores offer special deals.
The 50 biggest retail brands in the US were now hunting through their internal corporate networks to see if they had been infected by the “highly sophisticated” Modpos malware, said iSight senior director Stephen Ward.
The modular malware could lurk unseen on POS equipment, said Stephen Ward, and sought to scoop up payment-card data during the few moments this information was passed around unencrypted in the memory of computerized tills.
“It’s a Swiss-army knife of sorts that can be used for any type of nefarious activity,” he said.
The Retail Cyber Intelligence Sharing Center, a US government-backed organization set up to pass on information about threats aimed at retailers, has sent out advice about the “2015 hacking season”.
“Downtime is expensive, but especially so at this time of year,” it said.
“Retail staff is motivated and focused on sales, at the risk of possibly allowing fraudulent transactions or other types of breaches.”
Reacting quickly to threats could be tricky at this time of year, it said, because systems were often “frozen” to limit downtime.
Stephen Ward said iSight had been tracking the gang behind Modpos for some time, but it had now been revamped for the run-up to Christmas.
Traditional anti-virus systems were unlikely to catch the stealthy malware because of the clever way it was built.
iSight had passed on information about telltale signs that would reveal a retailer had been compromised by Modpos.
Anti-fraud company ThreatMetrix said online retailers were also coming under sustained assault from many different hi-tech crime groups.
It said it had seen signs of an increase in fraud campaigns before the main shopping season got under way and expected a “major spike” in such activity in the run-up to Christmas.
In a report, it said attacks against online retailers had already jumped 25% over earlier in the year and it expected the trend to continue.
“Generally, the third quarter is a slower time for businesses as consumers anticipate spending money during the Christmas and New Year shopping season, but this year it yielded record numbers in attack attempts,” said Vanita Pandey, strategy director at ThreatMetrix.
The vast majority of the attacks were attempts to defraud companies by using fake logins or stolen credentials, said Vanita Pandey.
ThreatMetrix had seen evidence of crime groups using botnets, networks of hijacked computers, to batter away at login screens searching for loopholes and bugs.
Experts also urged people to be vigilant and exercise common sense when browsing offers sent via email or other messaging services.
No-one should ever buy anything offered via unsolicited email.
This website has updated its privacy policy in compliance with EU GDPR 2016/679. Please read this to review the updates about which personal data we collect on our site. By continuing to use this site, you are agreeing to our updated policy. AcceptRejectRead More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
