Black Friday brings out hackers looking to rip you off

Researchers found hundreds of malicious apps pretending to offer discounts.

Alfred Ng Senior Reporter / CNET News

Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.


Black Friday and Cyber Monday are expected to be the biggest shopping days of the year. Hackers are hoping to steal from unsuspecting customers.


It's a real steal.

With shoppers on the lookout for Black Friday and Cyber Monday deals, thieves are creating malicious apps to steal from eager buyers, as well as targeting online retailers with malware, according to researchers.

Black Friday and Cyber Monday, which come right after Thanksgiving Day, are two of the most popular days for shopping online, with retailers offering big discounts and deals to capitalize on the holiday season.

Last November, Cyber Monday was the largest online sales day ever, with people spending $6.59 billion, according to Adobe. Black Friday brought in more than $5 billion in sales.

With all that money comes hackers looking for a quick payday from unsuspecting shoppers, whether it's through attacking retailers or tricking people directly.

"Black Friday and Cyber Monday are great days for getting deals while shopping online, but it's also a time when hackers get more active," Russ Schrader, the National Cybersecurity Alliance's executive director, said.

Hackers are fully aware of how much money they could steal from eager shoppers online looking for low prices. In a survey of consumers by DNS security company DomainTools, 62 percent of respondents said they would still buy from a brand that's been breached if the deals are good enough.

That's good news for websites such as NewEgg and stores like Target and Adidas, which have suffered breaches.

"This year's respondents were clear that they are willing to overlook previous breaches in lieu of a Cyber Monday deal," Corin Imai, senior security advisor at DomainTools, said in a statement.

If shoppers are willing to take risks for discounts, thieves are ready to take advantage. Researchers from RiskIQ, a security company, found hundreds of fake apps and websites pretending to offer deals while stealing information instead.

Researchers looked up "Black Friday" in app stores, and found that 237 of 4,324 results were malicious, and 44 out of 959 "Cyber Monday" apps were also malicious, RiskIQ said. For the top 10 retailers of Black Friday in 2017 -- which RiskIQ declined to name -- researchers found 6,615 malicious apps pretending to offer deals.

"With the staggering amount of money spent by consumers each year over the Black Friday weekend, it's no surprise that we detected so much threat activity," Yonathan Klijnsma, a head researcher at RiskIQ, said in an email. "While we can't tell exactly how successful these malicious apps and landing pages are, the fact that we see them spun up every year indicates that they're working."

Hackers are also ramping up their attacks on popular retailers. Researchers from Kaspersky Lab found that from July to September, hackers attacked online stores 9.2 million times. That's compared to 11.2 million attempts throughout all of 2017, the security company said.

Kaspersky Lab was tracking 14 types of malware targeting 67 different websites, which range from electronics and video games to clothes and toys. Hackers were attempting to inject banking malware that would steal your credit card information for their own use, Yury Namestnikov, a principal security researcher at Kaspersky Lab, said in a statement.

He noted that this malware has been common in the past, but hackers are now specifically targeting online shoppers.

"As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data," he said in a post.

In some cases, if a website has already been compromised, it's hard to know until it's too late.

Magecart, which comprises multiple hacker groups, has been targeting thousands of websites and stealing financial information from unsuspecting customers. The thieves have hit British Airways, Ticketmaster UK and NewEgg in the last five months.

Because those were the official websites, customers wouldn't be able to tell something was wrong until their information was already stolen.

There are some steps you can still take, however.

If you're going to shop online, especially looking for Black Friday and Cyber Monday deals, security experts recommend watching out for scams and fake websites.

The NCSA recommends avoiding deals coming in via email, and suggests heading to the store's website directly. Fake deals will often have typos and suspicious email addresses, Schrader said.

RiskIQ noted that you should only download apps from Google's and Apple's official stores, and be suspicious of apps that ask for more information than a shopping app would likely need. Be wary if a shopping app asks for access to contacts or passwords.
