While it makes for bleak reading, the frenzy of sales and online shopping activity surrounding Black Friday, means this pre-holiday season is a key period for cybercriminals. And each year we see an increase in cyberattacks during what should be a feel-good time.

The picture is all-the-more worrying in 2022, as this Black Friday (25th November) falls on the same date as the USA vs England World Cup game – a hotly-anticipated day of betting for bookmakers.

With even more consumers therefore expected to be shopping online this year, the opportunity for fraudulent behaviour is rife. But that doesn’t mean we have to surrender to the risks of poor website security. Here, Georgina Grant Muller, marketing manager at RapidSpike, shares the second of her key tips to help website users stay safe this shopping season…

3. Website discrepancies
The number one risk to consumers this Black Friday is falling victim to a data breach caused by a Magecart (also known as web-skimming) attack on a website.

At RapidSpike, we’ve been tracking, monitoring and fighting Magecart attacks since 2015. In that time, we have seen how Magecart – and other web-skimming groups –have developed tactics to go undetected. Magecart is a particular issue for websites and consumers around Black Friday and the peak holiday shopping period as cybercriminals prepare attacks around this time for maximum return on their efforts.

Being vigilant to websites with discrepancies is recommended. A key indicator that a website has been hacked is if the checkout process has a different language to the main website. This happens when hackers use the same web-skimming form across local websites.

Spoofing payment pages can also be inserted before real payment pages which will scrape payment data and send it to a malicious host. A good rule of thumb is that if you have had to input your credit card information more than once, the website likely has a web-skimming form on it and your data has already been stolen. If you suspect that this has happened, notify your card provider immediately.

Leeds-headquartered RapidSpike is a renowned website monitoring platform, protecting the three key aspects of website health – performance, reliability and security.