Smart Shopping: how to prevent online shopping fraud during Black Friday and holiday parties

With the increasing digitization and interconnection of devices, cyber threats have become increasingly sophisticated and varied, posing a significant challenge for consumers and businesses around the world.

Survey commissioned by Mastercard to Datafolha reveals that seven out of ten Brazilians have already suffered some digital threat, and 13% have already had their data leaked.

Also according to the edition of the “Barometer of Digital Security”, released in 2024, 64% of Brazilian companies are the target of fraud and digital attacks with medium or high frequency, which represents a growth of 7% compared to the first edition of the study, released in 2021.

The second half of the year is a period in which online shopping is intensified, due to dates such as Children's Day, Black Friday and holidays. Therefore, we must take extra care”, says Jose Luiz Assoni Jr., Solutions Integrator Analyst Master of Softtek Brasil, a leading multinational in the IT sector in Latin America.

Some of the most common cyber threats in internet shopping are:

• Phishing: a digital bait where criminals forward emails or messages as being from trusted companies to trick the consumer into stealing their personal information;
• Payment information theft: criminals use techniques such as fake websites or data interception to capture consumers' credit or debit card information during an online purchase;
• Fake websites: fake copies of legitimate online stores, created to collect the personal and financial data of the consumer and make fraudulent purchases on his behalf;
• Attacks of Man-in-the-Middle: in this modality, criminals insert themselves in the communication between the consumer and the website to intercept and steal their confidential information, such as passwords and payment data;
• SQL injection: a hacking technique that allows criminals to manipulate the databases of a website to steal personal information or even control the website; and
• Credit card fraud: consumer credit card data may be used to make unauthorized purchases, even if they have not provided this information directly to a malicious website;
• Credential theft: criminals collect stolen passwords from different websites and try to use them on other platforms to access users' accounts.

“These cyber threats exploit user trust to gain unauthorized access to personal and financial information.It is critical to be aware of these practices and adopt security measures to protect your data during online purchases”, explains Assoni.

How to protect yourself

Below, the executive lists some tips for consumers to protect themselves from these threats:

· Check the authenticity of the site: confirm the address and search for security seals;

· Use secure connections: avoid public Wi-Fi and prefer HTTPS;

create strong, unique passwords: use complex passwords and enable two-step authentication;

· Keep your software up to date: install security updates;

use an antivirus: keep the antivirus updated and run regular scans;

be wary of very good offers: if it seems unreal, it probably is;

don't click on suspicious links: avoid links from unknown sources;

· Use virtual credit card: protect yourself in online purchases;

monitor your accounts: review statements to detect fraud;

· Make regular backups: ensure backup copies of your data.

Assoni also warns of the role that social networks play in the spread of fraud, especially during Black Friday, and how consumers can protect themselves.

“Social networks play a crucial role, both positive and negative, during Black Friday. Among the main frauds that spread on social networks in this period are misleading ads and promotions, malicious links, fake profiles and stores, phishing scams and fraudulent sweepstakes.In addition, there may be social engineering, which manipulates consumers to deliver confidential information”, warns the executive.

“To avoid these scams, the consumer can perform some practices such as consulting the store reputation and reading the reviews of other consumers, as well as manually entering the store website in the browser and checking HTTPS, confirming that the site has the security padlock.I also recommend using secure payment methods, which have some protection factor, such as multifactor authentication and” tokenization, recommends Assoni.

It is worth noting that online retailers must also take steps to protect consumer data and ensure secure transactions.

“Online security involves from technical data protection to staff awareness and transparency with customers. Some measures that online retailers can take to protect their consumers are encryption, protecting sensitive data during transmission using HTTPS, obtaining certifications and seals that prove the security of the site, keeping it always updated and monitored in order to correct possible failures, as well as detecting and blocking suspicious” activities, he concludes.