Key takeaways 

• Black Friday sees a major spike in both shopping, with billions spent online, and in scam activities, with a 22% increase in fraud losses reported.

• Cybercriminals start gearing up for Black Friday scams in January, indicated by increased dark web searches for related keywords.

• Dark web data shows Black Friday is a topic of interest throughout the year, not just in November, with notable search activity in April.

• Months before Black Friday, the dark web buzzes with searches for big retailers, hinting at planned attacks on these platforms.

• Key protective measures include skepticism towards unexpected deals, consistent software updates, using different devices for work and personal use, secure passwords, and informed cyber practices.

Black Friday is famous for big sales and shopping frenzy. It’s also a busy time online, with a record $9.12 billion spent last year, as reported by Adobe Analytics. This global trend saw Salesforce reporting worldwide online sales hitting $40 billion.

Yet, alongside this rise in legitimate transactions, there was a notable increase in fraudulent activity, with reported losses from scams associated with Black Friday and Cyber Monday climbing by 22% from the previous year. These statistics don’t just reflect consumer zeal for deals; they also underscore the period’s vulnerability to cyber threats.

Based on this reality, NordLayer’s recent exploration reveals a complex strategy behind the festive frauds that often begin brewing while most still stick to their New Year’s resolutions.

January: the planning period for cybercriminals

The words “Black Friday” might bring images of late-year sales to mind, but for a cybercriminal, January is a prime month for laying the groundwork. During this period, researchers noted a surge in search activity on the dark web, encompassing all Black Friday-related keywords, from hot shopping trends to potential cybersecurity threats.

Carlos Salas, Head of Platform Engineering at NordLayer, illustrates the situation: “The reason behind this early start is the need to establish a network of resources, from stolen personal data to compromised accounts, to facilitate their scams when Black Friday arrives. Criminals also seek to exploit the heightened sense of urgency and excitement surrounding the holiday season to deceive unsuspecting shoppers.”

Surprisingly, the ‘Black Friday’ keyword spiked in April searches—an unexpected deviation from the usual November interest. The reasons for this springtime surge are unclear, but it’s a reminder to stay alert for online dangers all year round, not just during the holiday shopping rush.

‘Black Friday’ queries are at their lowest in August, but remarkably, they shoot up in September, doubling the volume seen in the previous month.

Why Black Friday deals are a dark web trend all year

Black Friday isn’t just for November anymore; it’s a year-round event where you can always find deals. On the dark web, ‘Black Friday’ means discounts on things like stolen data and illegal items every day. These places sell lots of subscription services at lower prices, too. Cybercriminals are ready to use this buzz to target both shoppers and companies.

“Black Friday became synonymous with getting great deals, so this keyword is popular year-round. Vendors on the dark web marketplaces know that when a potential customer sees the term ‘Black Friday,’ they will likely be attracted to the idea of saving a coin, regardless of what season it is,” says Salas.

High traffic, high risk

Popular online marketplaces are beacons for threat actors. It’s clear that retailers like Amazon, eBay, and Target, with their high online traffic, are primary targets for these attackers.

The data points to a sharp rise in targeted keyword searches for these e-commerce platforms starting early in January. The increase shows that the more well-known a retailer is, the more likely it is to attract attention from potential attackers on the dark web.

For instance, interest in Amazon spiked, with keyword searches climbing over 45% in January, followed by notable upsurges of 15% in May and 13% in March.

The Federal Trade Commission (FTC) in 2022 reported that scams where people pretend to be from a business took a massive leap, causing a loss of $2.6 billion. Looking back, from mid-2020 to mid-2021, out of every three complaints about these kinds of scams, one was about someone faking to be from Amazon. Last year, the amount of money swindled by fake businesses was $660 million, which is more than the $453 million lost the year before. The FTC hasn’t given a breakdown for Amazon scams for 2022 specifically, but it’s a fair guess that, given the trend, Amazon impersonators have also become more common.

eBay saw a similar pattern, with dark web keyword searches soaring by 68% in January, while March and April recorded increases of 46% and 19%, respectively.

Target-related searches peaked with a 41% rise in March, a 31% jump in January, and a moderate 15% hike in April.

Each spike in search volume represents more than consumer trends; they’re opportunities eyed by cybercriminals.

Top 5 threats this Black Friday

Carlos Salas points out the top five scams to be wary of.

Phishing scams

Phishing remains a favored tactic. Fraudulent attempts to gather sensitive information don’t take a holiday, especially not on Black Friday.

Phishing scams come to life when cybercriminals buy phishing kits from dark web stores. These all-in-one packages enable setting up websites that look trustworthy but are traps for stealing sensitive data.

Before the generative AI era, phishing emails were somewhat easy to spot due to poor grammar, illogical vocabulary, and bad spelling. Such glaring errors were easy to pick up by automated defenses and reasonably careful people. But with AI tools, it is now far more likely that a phishing email will appear genuine, leading to more potential victims actually clicking on malicious links.

Fake websites

Imitation may be flattery, but in the cyber world, it’s a weapon. Cybercriminals craft convincing copycat websites offering too-good-to-be-true deals to lure in unsuspecting shoppers.

The development of fake websites follows a similar path to phishing scams. Scammers use sophisticated software to clone legitimate websites, which are then hosted on compromised or malicious servers. These counterfeit sites are often used together with phishing emails or advertisements to steal user data or payment information.

Gift card frauds

Gift cards from third-party vendors may not be as beneficial as they appear. There’s a real danger they could be fake or previously drained, rendering your gift worthless.

On the dark web, there are marketplaces and forums where stolen gift card numbers are bought and sold. Scammers also trade tips and tools for cracking the algorithms of gift card numbers, allowing them to generate and sell counterfeit cards.

Fake order confirmations

Be wary of unexpected emails, calls, or messages about orders or deliveries you don’t recognize.

This scam involves creating fake order confirmation emails that appear to come from well-known retailers. These emails are crafted using templates available on dark web markets, complete with logos and branding, and contain links to phishing websites or malware.

Social media scams

According to FTC data, social media ranks as the fifth most common way scammers contact their victims. In cases reported on social media scams, 61% resulted in financial loss. The median amount that people were scammed out of was $528. Think twice before you click on offers that look too good to be true.

These scams are often centered around fake profiles or compromised accounts. The dark web provides a venue for buying and selling the access credentials to these accounts, as well as software that automates the creation of posts and messages designed to defraud social media users.

The methodology behind Black Friday cyber threat analysis

The compilation of data was a joint effort with independent experts focused on researching cybersecurity incidents. The team conducted an analysis of the most searched terms related to Black Friday, including popular discussion topics, retail chains, and methods of attack. They conducted their search analysis over a period stretching from September 2022 to August 2023.

The benchmark is based on the average monthly search volume for Black Friday-related scam terms, and variations from this norm were calculated accordingly.

Fortifying your digital defenses: five tactical measures

Be skeptical of unexpected communications

Phishing doesn’t come with a neon sign. Treat unexpected emails and messages cautiously, verifying the sender through other channels if necessary.

Update and patch regularly

Ensure that all systems and software are up-to-date with the latest security patches. Think of updates as your digital immune system’s vitamins—essential for fending off infection by cybercriminals.

Separate work and personal devices

Using personal devices for work can cause trouble. If possible, keep them separate to minimize the risk of cross-contamination.

Embrace strong, unique passwords

A common foothold for cybercriminals is a weak password. Opt for complex, unique passwords for each account, and consider a password manager to keep track of them all.

Educate on cyber hygiene

Empower employees and users with knowledge. Regular training sessions can turn the most innocuous user into a vigilant watchkeeper against phishing scams and suspicious links.

Strengthen your business with NordLayer security

The shift to hybrid work models has made the understanding of security threats more important than ever. NordLayer helps businesses adapt by providing advanced solutions for network access and management. Our services are built around the Zero Trust security model, which rigorously verifies every access request, thus enhancing your data protection. Virtual Private Gateways further secure your operations with dedicated servers that encrypt data and offer detailed access management, seamlessly integrating with leading login systems.

NordLayer offers a suite of security features, including a top-quality VPN, multi-factor authentication, and ongoing network monitoring, designed to fit your business needs without additional hardware complexity.

Contact NordLayer today to strengthen your organization’s defenses against cyber threats.

A discussion with Dean Mechlowitz, Co-founder of TEKRiSQ responsible for Technology Operations, about the main challenges organizations face with cybersecurity threats, the benefits of the NordLayer Partner Program, and what perspectives are anticipated for different industries. 

Highlights

• About the company: TEKRiSQ is a cybersecurity team of up to 10 people aiding small- and medium-sized businesses (SMBs) in the US and Canada and focusing on enhancing cyber resilience against digital threats since 2021.

• Business case: the MSP tackles the challenges SMBs face in cybersecurity, addressing the lack of internal IT expertise and the misconception of being too insignificant to be targeted.

• NordLayer adoption: a partner utilizes NordLayer’s simple and efficient remote network access solutions to enhance cybersecurity for clients without overwhelming them.

• Benefits of NordLayer Partner Program: the program offers MSPs like TEKRiSQ user-friendly solutions, a centralized management portal, and reporting capabilities, emphasizing ease of use for end-users.

• Future projections. Future cybersecurity challenges will center around remote work risks, the protection of personal data, and the need for basic security measures like multi-factor authentication.

About the company

TEKRiSQ is a team of cybersecurity professionals helping SMBs build cyber resilience against digital threats. Operating as a managed service provider (MSP) in the US and Canada, a team of up to 10 people ensures that their clients transform into fully cyber-insurable companies.

Established in 2021, TEKRiSQ was founded on strong fundamentals of experience and expertise in modern cybersecurity and technology. The company has been advising everyone from small teams to big global players, gaining unique insights into the industry and how SMBs navigate the changing security landscape.

Dean Mechlowitz, Co-founder of TEKRiSQ responsible for Technology Operations, discusses the company’s approach to building cybersecurity culture and technology stack for SMBs, and how NordLayer’s secure remote access solution contributes to their mission.

Business case: bringing in the cyber expertise so clients don’t have to move a finger

According to TEKRiSQ, companies often struggle not due to industry-specific challenges but because of their mindset when it comes to adopting security measures. Small and medium enterprises are convinced that their insignificance will protect them from potential risks.

SMBs who don’t typically have internal IT departments or Chief Information Officers end up outsourcing specialists and services. Without the right knowledge, it’s challenging to determine cyber risks applicable to their businesses and keep up with technological changes. 

The lack of expertise makes organization decision-makers immobile and hesitant in taking action because the only thought they have in their minds is, “What do I do?” However, some service providers jump into the multibillion-dollar MSP market with no actual experience in cybersecurity.

Qualified MSPs often play a crucial role in guiding organizations lost in the subject. They are responsible not only for bringing knowledge and expertise but also for making sure the clients are aware of the risks. Our speaker Dean highlights that clients tend not to know or simply don’t care about the importance of business cybersecurity.

Guiding the unaware and the naive with a pragmatic approach

TEKRiSQ’s strategy is to use cyber insurance channels to get clients’ attention to security needs.

Business owners and managers, just like any other person, are looking for a quick and painless solution to their problem—and insurance, at first glance, seems like an easy way out. However, businesses must comply with insurance requirements that usually include the incorporation of network and data security policies.

Then, the ignorant, unaware, or careless mindset faces a reality check after hearing three control questions from a TEKRiSQ representative:

1. If all your data was exposed and published on the dark web, would that be a problem for your business?

2. If all your data was inaccessible for three or four weeks, would that be a problem for your business?

3. If your computers were shut down for a month or two, would that be a problem for your business?

According to Dean, everybody uses computers, and everybody has data that’s really sensitive, so the answer is, “Of course, it’d be a problem,” and it doesn’t matter what business you’re in.

So there are certain businesses that have bigger risks, and some have smaller ones, but it’s the MSPs’ task to identify and mitigate them for the client if they lack internal resources to do it independently.

Close collaboration with insurance providers allows TEKRiSQ to be at full speed with what’s required by the insurer. Many MSPs are unaware of such nuances and cannot offer clients the right solutions.

Close-up on the solution

TEKRiSQ is a unique managed service provider that performs risk assessments in 30 minutes. They also focus on delivering solutions in minutes, not weeks or months. Thus, working with tools that correspond with such objectives is super important.

NordLayer’s onboarding for secure remote network access is about as simple as possible. You put the email into the system, and it sends an activation email. The setup must be super simple so non-tech users can understand it and follow instructions.

As an MSP, TEKRiSQ must have access to activity reporting to see whether the clients are using the systems. If the activity is low, they must be able to enforce the service, as companies tend to forget to use it after installing the application.

Finally, adding extra layers of security, like incorporating dedicated IP into the company’s network protection, is crucial. Whether it’s encrypting connections while working on a public network or adding IP or access control lists for the firewall—the client most likely doesn’t realize the need for such a measure because they don’t know there’s more behind a firewall or generic VPN.

Why join the NordLayer Partner Program?

Our Partner Program provides MSPs with an ecosystem of user-friendly solutions, educational materials, and hands-on support from our experts. The main benefit of NordLayer is in our approach to thinking two steps ahead for our clients and partners.

NordLayer is all about stress-free cybersecurity. Thus, it has to be approachable for the end-user and effective for our partners.

By providing a Service Management Portal, NordLayer gives its partners keys to their organizations’ administration in one place. There they have centralized controls of comprehensive security features and user management.

Interested in collaborating to build a more resilient and aware cybersecurity landscape for businesses and organizations? NordLayer invites Managed Service Providers to seize the opportunity to join our Partner Program.

Thank you, Dean, for sharing your experience with NordLayer in helping your clients overcome network security challenges.

Future projections: threats and challenges to keep an eye on

Experience and daily work in the cybersecurity field help draw some presumptions about what to expect from the industry in the upcoming years. Our story hero, Dean agreed to share his insights on what companies should be cautious about in order to protect their businesses.