November 24, 2010, 2:52 PM — This Friday millions of people will venture out in the middle of the night and brave frigid temperatures and long lines to battle for Black Friday holiday shopping bargains. Many retailers have expanded to include online promotions as well on Black Friday--including Amazon and Apple. Whether you plan to do your Black Friday shopping sitting at your PC, or join the crowds there are some inherent security concerns to watch out for.
Don't Click the Link. Tim 'TK' Keanini, CTO for nCircle, says "Don't respond to any online offer that links directly to an e-commerce site. We're all on guard against deals that are too good to be true, but a referral to an 'excellent deal' from one of your Facebook friends is just one of hundreds of ways hackers will use to get you to drop your guard this holiday season."
Attackers know that Black Friday shoppers are in battle mode and are more inclined to aggressively jump on any offer for fear of missing out on a great deal. If a deal sounds enticing, feel free to explore it, but type the URL into your browser yourself rather than risk following a malicious link to a spoofed Web site.
Beware Online Ads. Online ads can capitalize on the trusted reputation of credible sites to deliver malicious content. Tim Erlin, Principal Product Engineer for nCircle explains, "Don't even think about clicking on an ad, especially those great deals. Ad content is delivered by third parties and is a favorite attack tool for hackers of all stripes. This is true even for very well-known e-commerce sites where online shoppers feel safe."
The site you are visiting typically has no direct control over the third-party ads that are served, and is often completely unaware of suspicious or malicious ads unless they are reported. That $100 iPad ad is guaranteed to be fake, and most likely malicious--so don't click on it.