Black Friday sales to heighten cyber security risks for SMEs, says RSM
This weekend’s discount splurge presents a golden opportunity for cyber scammers, security experts say.
The spectre of cyber scams hangs over the Black Friday sales as digital criminals prepare to pounce on any lapse by either businesses or clients, according to security specialists.
They said fake websites that looked like genuine stores would aim to siphon off some of the $6.4 billion consumers are expected to spend over the sales weekend, which starts on Friday.
The National Anti-Scam Centre said it had detected a concerning increase in websites replicating high-street brands with more than 2,700 reports and $6 million lost already this year.
ACCC deputy chair Catriona Lowe said scam sites took advantage of the latest technology to make them look like Australian fashion and footwear labels and the increase was alarming.
“Scammers are opportunistic criminals who will try to take advantage of people doing their Christmas shopping online during the upcoming Black Friday and Cyber Monday period,” she said.
Many of these websites offered luxury clothing, jewellery and electronics at very low prices. Scammers also set up fake online stores on social media platforms, open for a short time then disappear.
“A recent, disturbing development is that scammers are paying for their fake websites to appear at the top of your internet search. This means you can’t necessarily trust the first listing you see.”
RSM Australia cyber security specialist Ashwin Pal said small businesses that put cyber security in the too-hard basket risked being easy prey.
“The Black Friday sales, combined with high cost-of-living pressure, is a high-risk time for online retailers in particular,” Mr Pal said.
“It’s a numbers game for these criminals – they could spend months trying to breach a large corporation for a big pay day, but if it takes less than 10 minutes to breach a less secure small business, you do the math. Hackers generally target the low hanging fruit.”
“For every large organisation like an Optus or Medibank that reports a data breach, there are about 20 unreported SMEs who have been hit. The smaller the business, the less likely it can absorb the financial and reputational hit of a cyber breach.”
He said small businesses could invest in third-party scanning and takedown services for fake websites, rather than risk the lost sales and reputation damage if customers were fooled.
“There are two aspects to it. The simple one is to scan the broader internet and the tools will actually pick up anything which looks like your website, but obviously isn't your website. It knows what your website is, and if it finds something similar, then it'll flag it.”
“Then on the dark web in hacker forums they'll be talking about either creating a fake website and using it or, worse still, there will be hackers who have created fake apps and there'll be selling those to another hacker to then distribute out to the masses and dupe people, collect passwords and obviously then eventually steal money.”
“So keeping a watch on the dark web also helps pick up if anybody is effectively targeting you or targeting your brand.”
Ms Lowe said the National Anti-Scam Centre had been working with retailers to disrupt scam activity and published advice for businesses impacted by scammers impersonating them.
“As scammers have been primarily targeting fashion and shoe retail brands, we have focused our disruption efforts on this space, helping retailers remove a number of fake websites,” she said.
“We commend those retailers who have taken proactive steps to warn their customers about scam websites impersonating their brands.”
About the author
