Avoid being stuffed by cybercriminals this Thanksgiving

Shoppers have been urged to be wary of cyber scams this Thanksgiving

A recent warning from the US Cybersecurity and Infrastructure Security Agency (CISA) has urged online shoppers to be increasingly wary this holiday season, a time during which cybercriminals are known to ramp up their illicit campaigns.

In 2018, Americans spent $7.9 billion online in the period between Thanksgiving, Black Friday, and Cyber Monday – nearly half of those sales were eaten up by Amazon.

But as the number of people worldwide who choose to shop over the internet increases, so does the risk of an individual falling victim to cybercrime.

A new report released by threat detection organization ZeroFOX has highlighted the risks associated with the online retail sector, citing domain spoofing, phishing, and brand impersonation as some of the biggest threats facing bargain hunters.

The company analyzed data collected from multiple online sources across 12 months to September 1, 2019.

It found that between November 9 and November 28, 2018, there were more than 33,000 instances of fraudulent activity – 55% targeting the tech market, the most popular sector for Black Friday deals.


The majority of attacks were domain-based assaults. Of the 1.4 million alerts ZeroFOX received during the period, 92% were related to domain security, with 15,000 impersonated domains identified.

Domain attacks see cybercriminals create spoof websites to lure customers into handing over their credit card details or valuable personal data.

This could be carried out under the guise of a copycat website or lookalike URL, both of which can use misspellings or typosquatting to trick a customer into believing it is legit.
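The misspelling and typosquatting tricks described above can be checked for mechanically. The following Python sketch is an added example, not code from ZeroFOX or The Daily Swig: it compares a hostname against a short list of shops you trust and flags look-alike characters, one-keystroke typos, and the real name padded with extra words. Every domain name, the `TRUSTED` list and the `CONFUSABLES` table are constructed for illustration.

```python
# Added example; every domain name here is constructed for illustration.
TRUSTED = {"examplestore.com", "shopmart.com"}  # hypothetical shops you use

# Character swaps that make a misspelled name look right at a glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def label(host):
    """Name left of the final suffix (naive: assumes a one-part suffix like .com)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def skeleton(name):
    """Collapse confusable characters so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None) for one hostname."""
    host = domain.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return ("trusted", None)
    name = label(host)
    for t in sorted(trusted):
        brand = label(t)
        if skeleton(name) == skeleton(brand):
            return ("confusable", t)   # look-alike characters or same name, other suffix
        if osa_distance(name, brand) <= 1:
            return ("typo", t)         # one slip away from the real name
        if brand in host:
            return ("embedded", t)     # real name padded with extra words or labels
    return ("ok", None)

if __name__ == "__main__":
    for d in ["www.examplestore.com", "examp1estore.com", "exmaplestore.com",
              "shoprnart.com", "examplestore-coupons.net", "bookshop.org"]:
        print(d, classify(d))
```

An "ok" verdict only means the name does not resemble anything on the trusted list; it says nothing about whether the site itself is safe.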

ZeroFOX also highlighted the risk of retail scams such as coupon or voucher giveaways, which coerce users into handing over personal data for discounts that never materialize.

Zack Allen, director of threat operations at ZeroFOX, told The Daily Swig: “If an offer looks too good to be true, it probably is.

“If you are looking for deals, stick to the websites or the verified profiles of the stores you are interested in.

“Many of these scams give you a ‘call-to-action’ pitch, such as ‘if you don’t sign up now, you won’t get that coupon!’ – be mindful of these call to actions so you can protect your information.”

Phishing for a deal

Another danger this holiday season is the threat of phishing campaigns, which increased by 21% in the second quarter of 2019 alone.

Phishing attacks are usually conducted via email, encouraging the recipient to click links or download malicious files that can infect a device.

They can be obviously fake – littered with misspellings or suspicious content throughout – though some can be highly convincing and appear to be from a legitimate individual or company.

Tarik Saleh, senior systems engineer and malware researcher at DomainTools, advised: “Be extra cautious on opening emails from unknown senders, especially with attachments, and be sure your antivirus solution is updated to reduce the likelihood of being compromised during the holidays.”

Javvad Malik, security awareness advocate at KnowBe4, added: “Even during holiday times, people should remember that scammers will often use the same tactics of instilling panic or fear into their victims in order to get them to respond quickly without thinking of the implications, or what the proper process should be.

“Whenever any such notification is received, people should manually navigate to the website, or contact their provider directly and not click through on links – especially if the next step asks for logon credentials.”

How can you shop safely online?

There are a number of tools and practices to help you improve your online safety and security:

  • Ensure your devices are updated – be it your operating system, browser, or any browser extensions you might use. Don’t fall victim to an outdated vulnerability.
  • Brush up your skills in spotting phishing attempts. There are a number of online resources you can use to test your knowledge, including this one from Google. Remember: never click on a link you don’t trust.
  • Make sure the websites you’re using are full HTTPS – particularly those requesting payment or other personal details. You can even download browser extensions that automatically block insecure pages for better peace of mind.
  • If you download any apps this season, make sure they are 100% legit. Look for reviews and don’t be fooled by fake malicious downloads.
  • Never enter any personal information, especially card or bank details, over an insecure WiFi network.
