This was originally published on invincea.com on December 1, 2015.
‘Tis The Season To Celebrate… but be Cyber-crime Conscious
Now that the annual shopping binge is underway with Black Friday and Cyber Monday, we are forced to confront the rituals that some relish, while many others dread. Fortunately, those who appreciate the solace of a fine browser or mobile app can participate in the online madness without the human sport of elbow-to-elbow retail competition. According to a recent Accenture survey, more than half of respondents preferred online shopping to visiting stores. Even those who end up braving stores often use the Web for things like comparing prices and downloading coupons.
Retailers are not the only well-organized groups looking to leverage technology and contact shoppers during the holidays: Cyber-criminals also anticipate this season and employ numerous tactics to steal money and identities, commit fraud, and even hijack newly unboxed devices.
Seven Tips for Secure Online Shopping Success
Above all else, balance your deal-hunting with healthy skepticism.
Invincea is pleased to share some practical tips to consider as you head online and into stores:
- Recognize you are the target of both advertising and malvertising
It is easy to forget that whether you are safe at home or traveling, hackers can easily target you. One of the biggest trends in cyber-crime is malvertising attacks that use online ads to distribute malware via reputable Web sites. Using the precision-targeting capabilities of online ad networks, hackers rig malicious ads to attack site visitors’ devices according to their operating system, browser version, geography, and keyword searches (think of the season’s must-have toys or “Black Friday sale”). In recent months, Yahoo!, eBay UK, and Huffington Post visitors have all been hit with malvertising.
- Remember that cyber-criminals love the allure of “deals” as much as you do (maybe more)
This time of year sees the online equivalent of traveling bazaars, as “deal” sites, message boards and forums of varying credibility come alive, offering everything from discount codes to sneak peeks of upcoming flyers. Be especially wary of emailed deals. Instead of clicking on the links to these sales, go directly to the reputable retailer’s website by typing their domain name in the browser. This simple step could help you avoid a phishing attack or malicious URL. Because any blind link could point to weaponized code or a malicious Web page, you should also make sure your device’s data is backed up and security software is in place before you shop. Individuals are advised to complement their anti-virus software with advanced security software that stops phishing attacks, malvertising, and web-borne malware. Above all else, balance your deal-hunting with healthy skepticism.
- Consider mobile shopping for convenience and safety
For those concerned about transacting online, consider using your store’s or bank’s mobile app or website to conduct those activities via your smartphone or tablet. Many Web-based attacks rely on vulnerabilities in desktop browsers, so using a company’s mobile app or website can help reduce the risk of malware infections via your browser. Just make sure you are using the retailer’s legitimate app to shop and ensure the website uses SSL encryption (indicated by https at the start of the URL). To protect your personal PC from online threats, run your browser in Sandboxie – a free sandbox product for Windows users – which prevents your computer from getting infected by malicious websites and content. Business users can rely on Invincea Advanced Endpoint Protection for enterprise-grade security and management.
- Be wary of public Wi-Fi
Be aware of public Wi-Fi in stores, coffee shops, and other public places. Malicious hackers and mischievous individuals can potentially eavesdrop on all your online activity – sending email, shopping, using Facebook, and more – when you are logged on to a public Wi-Fi network. In addition, some miscreants operate their own Wi-Fi service using a Wi-Fi network name (SSID) identical to the legitimate Wi-Fi network name you are expecting to see. If you unknowingly connect to the miscreant’s network, they will be able to capture and view all your network traffic. To avoid risking your personal communications and even passwords being exposed, it is best to use a cellular network connection, wait until you get to a trusted home or work network, or install a personal VPN or SSH proxy on your device.
- Update devices before you hit stores
Attackers can easily infect shoppers’ devices with malware when security settings are lax, so be skeptical of pop-ups asking for your devices’ passwords or requiring you to install software or “updates” before you sign on. These could be malicious or invasive programs in disguise. To be safe, use your trusted home network to update all your apps and devices before you head out shopping.
- Don’t trust those delivery notices and party invitations
Expect scammers to try to take advantage of your holiday logistics and to-do lists. Invincea has seen convincing spear-phishing emails arrive as fake “package delivery” notifications that criminals hope victims will rapidly open and click without considering the risk. Rather than assuming an email or text notification is legitimate, log-in to check your order status at retailers’ and shippers’ Web sites.
Likewise, make sure digital holiday party invites appearing to come from family, friends and co-workers are legitimate before you open and click.
- Prepare for the worst with this one simple action
While remaining vigilant about the risks of online activity, it’s also wise to prepare for what could happen if your device is compromised and your identity is stolen. Invincea recommends individuals consider initiating a credit freeze on their accounts with the four major credit reporting agencies. A credit freeze essentially locks down access to your credit history and rating, preventing the agencies from releasing your information to new creditors without authorization. If your identity is stolen, this can help limit the potential damage.
Enjoy the holidays and stay safe in real life and online!