Black Friday and Cyber Monday: Sales May Rise, But So Will Cybercrime

The 7 days after Black Friday 2023 saw online retail sales decline by 1.9%. For the IMRG, the UK eCommerce Association wasn’t far off, predicting a fall of 2% that year. Despite this, it reports that Cyber Monday was the strongest trading day, with a 5.6% year-on-year increase in e-commerce sales – “followed by Tuesday, which also showed positive growth (+1.9% YoY).”

IMRG says the challenges that the Black Friday and Cyber Monday period faced included the fact that not everyone would have had their monthly pay cheque. There is also the ongoing cost-of-living crisis, which has impact both e-commerce and in-store retail sales. Yet, there is hope for the 2024 season. Firstly, most people will have been paid by 29th November 2024, which IRMG believes could boost online trading activity, and they predict that Cyber Monday will remain stable. It recommends that retailers use FOMO (fear-of-missing-out) messaging to stimulate sales.

In her blog post, ‘Key Learnings From Black Friday 2023 To Help Shape Your 2024 Strategy’, Ellie-Rose Davies, Content Executive at IMRG, comments: “Encouragingly, this year has already shown moments of market growth, whereas 2023’s best performance was flat due to variables, such as the cost-of-living crisis. With interest rates beginning to ease, we anticipate reduced buyer hesitancy and, owing to slightly improved conditions, IMRG’s forecast for Black Friday week, 2024, is a -1% decline.” It might be a slight improvement, but retailers and their customers should also be watchful of other activities during this period: cyber-attacks and other types of cyber-crime.

Shoppers lost over £10 million

The UK’s National Cyber Security Centre (NCSC) warns that “shoppers lost over £10 million to cyber criminals during last year’s festive shopping period, with 25–34-year-olds most likely to fall victim.” It stresses the need for increased consumer vigilance. Artificial intelligence, while being a force for good in many circumstances, is increasingly being used by bad actors to fool people with increasingly clever phishing attacks to launch AI-generated scams. So, concerning are they that the centre says 7 in 10 British people worry that AI will make it easier for cyber-criminals to commit online fraud by gaining access to personal and financial data.

Felicity Oswald, NCSC Chief Operating Officer, remarks: “As we enter the Black Friday and festive shopping period, online shoppers will naturally be on the lookout for bargain buys. Regrettably, cyber criminals view this time of year as an opportunity to scam people out of their hard-earned cash and the increased availability and capability of technology, [such as] large language models, is making scams more convincing. I urge shoppers to follow the steps in our online shopping guidance, which includes setting up two-step verification and using passwords with three random words, so they’re easier to remember and harder to hack.”

Erez Hasson offers ‘Five Takeaways from Black Friday & Cyber Monday Cyber Attacks’ in his blog for Thales company, Imperva. Talking about the 2023 season, he says web traffic tends to rise throughout October and November and comments that Cyber Monday now tends to dethrone Black Friday as the e-commerce shopping bonanza. There is also a rise in the use of bad bots, account takeover (ATO) attacks, attacks targeting retailers’ APIs and distributed denial-of-service (DDoS) attacks are a constant threat to e-commerce providers and retailers.

Attacks know no boundaries

So, it’s not only consumers that have to be vigilant – retailers and other businesses do, too. Cyber-security firm finds that the attacks know no boundaries. Mariana Pereira, VP of Cyber Innovation at Darktrace, warns in her blog, ‘How Cyber Monday Is A Cyber Security Nightmare’ that the use of personal email addresses for the season’s shopping in an era of remote and hybrid working can lead to hackers finding a backdoor into the corporate sphere.

She explains: “Phishing emails that target personal email accounts – often using more relaxed email security measures – therefore put organisations at risk. Malicious executable files may grant an attacker access to the device, and from here they can pivot into corporate activity, and infiltrate an organisation through a single, careless employee.”

Not a question of ‘if’, but ‘when’

Upping the fearing is Spin.ai. Its Ransomware Tracker claims that with ransomware attacks it’s not a question of ‘if’, but ‘when’. This is because it has found that over 72% of organisations worldwide “experienced at least one ransomware attack in 2023, and attackers managed to bring in over $1 billion, an all-time high and nearly double their 2022 take.” These attacks often begin with a phishing email, and they can stop an organisation in its tracks by preventing access to their servers and computer systems more generally – costing reputations, time and money. Hackers may also gain access to sensitive data, causing further data loss and damage.

David Trossell, CEO and CTO of Bridgeworks, warns that there is a need to be extra vigilant because all kinds of cyber-attacks increase during the extended period of Black Friday and Cyber Monday. This includes ransomware attacks, and they might just be successful if staff are distracted when they are busy. Remember that prevention is better than a cure, and so he recommends educating customers, training staff to avoid clicking on links – whether delivered by email or in a text message – that could launch an attack.

“More crucially, organisations should air-gap the most sensitive data and back up data so that if a server is successfully attacked, they will have the opportunity to restore their e-commerce or, more generally, their business operations, at what is a crucial time of the financial year.” Being complacent and ill-prepared can, in some cases, land organisations in trouble with regulators when a data breach occurs, because they must comply with data protection regulations, such as the EU’s and the UK’s General Data Protection Regulation (GDPR) to avoid being fined.

WAN Acceleration: Protecting data

One method of ensuring that data is protected includes WAN Acceleration with solutions, such as PORTrockIT. Using artificial intelligence, machine learning and data parallelisation, it enables organisations to back up and restore data rapidly – permitting not just disaster recover, but also service continuity. Even e-commerce organisations can benefit from it, says Trossell, even if they are deploying SD-WANs, which can be enhanced with an WAN Acceleration overlay.

This technology can also be used by e-commerce firms to reduce jitter and to improve the timeliness of real-time big data analysis, which is so important for ensuring that the right offers are delivered to the right markets and customers. WAN Acceleration mitigates the retarding effects of latency and packet loss, while boosting bandwidth utilisation. Companies therefore can do more with their existing infrastructure, allowing expedited, encrypted data to flow more efficiently in a way that can obfuscate cyber-criminals with the increased speed of data transfers.

Trossell says there are many occasions when cyber-criminals will act, and quite often around festive seasons or occasions where online sales activity increases. Companies and individuals have to be prepared and ready to prevent cyber-attacks. While organisations can benefit from WAN Acceleration, there is also a need to consider the biggest weakness in cyber-security: us as humans, and so there is a need to continuously raise awareness and to update systems to prevent any kind of cyber-attack from happening or succeeding.

On that note, he says Black Friday and Cyber Monday can reap rewards for consumers and businesses alike, and so he wishes them a happy and safe shopping experience – and, for those in the United States, a happy Thanksgiving. As for cyber-criminals, it’s important to ensure that they don’t gain from this period – no matter from where an attack is launched in the world.