Deck the Halls with Cybersecurity
Scammer Claus is Coming to Town Rudolph, the Red-Handed Cybercriminal
The holiday shopping season is in full swing. Since eTrepid is committed to promoting a safer and more secure shopping environment for everyone, we want our customers, partners, and staff to stay aware of trending cybercrimes for a confident and happy holiday this year. So, knock out the rest of your gift list and use these cybersecurity tips to protect yourself, your family, and your business.
This holiday season is like no other. Due to recommendations for avoiding crowded stores, more people are deciding to browse for gifts online. Retailers held more Black Friday events virtually, and Cyber Monday seems unending. This makes holiday shoppers happy, but sadly it also means more chances for cybercriminals to prey on the unsuspecting.
Recent surveys indicate that 82% of holiday shoppers will do most of their purchasing online and nearly 30% of shoppers will do all of it online. Many hit the web for serious deals, but with the convenience of online shopping comes added cybersecurity threats.
Anytime there's a new opportunity for a cyber attacker to take advantage of consumers, they'll give it a shot. Holiday scams are easier to pull off, more widespread, and simply more effective now than at any other time of year. With every retailer focused on extended sales, especially online, criminals have a larger attack surface to pounce on.
Retailers hurting because of COVID are eager to move products, so there are definitely deals to be had. For that reason, it pays to be skeptical rather than relying on good old routine common sense when shopping online. It's easy to let your guard down and assume the best in everyone, but cyber-Scrooges are standing by to exploit the merry shoppers.
Don't let a cyber-Grinch ruin your business or your holidays. Here are some cybersecurity tips to give you better peace of mind for the 2020 holiday shopping season.
Too good to be true deals
We all love a great deal, whether it's a lightning deal of the day on Amazon or Walmart's Deals for Days. Scammers know shoppers are making snap decisions to get better deals. Shoppers have a tighter budget in this economy, so we're more susceptible to impulsive decision-making on sales that are too good to be true. If it looks too good to be true, it probably is, and you should assume it's a scam.
What are the scammers after? It's not always quick cash. There are any number of things a would-be cybercriminal might try to get from unsuspecting shoppers blinded by holiday glimmer. Of course, the end goal for scammers is to separate you from your money, but they might go about it indirectly. Scammers want to steal your identity, gain access to your data systems, or access online accounts with a username and password that you've used on other sites.
Protect your personal and business info
Never share your personal information online. If you get an email or text requesting personal data like credit card info, social security number, or bank account info, assume it's a scam. Most reputable companies won't ask you for this information within a text or email message.
Beware of complimentary phone chargers
Have you ever been in a restaurant or bar, or had a friendly Uber driver, that offered phone charging cables? Consider skipping theirs and using your own cable or battery pack instead. There has been a rise of cloned cables that look legitimate but can read data on your phone once you plug in.
Charity donation scams
Scams that get businesses and consumers to donate to charity are alive and well during the holiday season. Taking advantage of the holiday spirit of giving, scammers may use fake charity requests to get money, credit card info, or even access to data or your devices. Beware of links in emails requesting donations. Instead, contribute to your favorite charity by navigating directly to their website.
Avoid public WiFi
Public WiFi is convenient but can be an easy access point for cybercriminals to take advantage of you and breach your personal and business devices. If you must use a public connection, consider using a VPN which encrypts your data and routes your internet traffic through an intermediary server. If someone intercepts traffic between your phone, tablet or laptop and the VPN server, they won't be able to decipher your data.
Remember that the elderly (and children) make easy targets. Since they remain a prime and vulnerable target, educate your elders and children about using connected devices and what information they should never share online. Older generations can be more trusting or generally unaware of the dangers on the phone. Children who have access to your devices can get in just as much trouble so stay vigilant.
Fraudulent fraud alerts
Beware of calls, emails, or text messages that indicate your credit card, business systems or financial accounts have been compromised. These messages will typically advise you to call a number or click a link to determine or fix the problem. Because these messages are sometimes valid, be sure to verify the number by comparing it with the customer service number on the back of your credit card or by calling the service institution directly to confirm.
Use strong, unique passwords
Perhaps the most effective way to protect your online identity is using strong passwords and multifactor authentication so it's nearly impossible for cybercriminals to compromise your accounts. Multifactor authentication requires both a password and a one-time verification code sent via text message, call, or email. Use passwords with a combination of letters, numbers, and symbols. You should avoid recycling your passwords between multiple websites or sharing passwords.
If you have to create an account on a new website, don't reuse a password you already used or you may compromise multiple accounts. Instead, use a secure password manager to make these passwords strong and unique among different websites you use.
Facebook and social media scams
Have you heard of Secret Sister Gift Exchange on Facebook? It's just one illegal pyramid scam among many potential grifts where you send money to one person to get your name added to a list that you then forward to more people. If you see these, skip them and warn your friends.
What about Facebook or Instagram ads offering great deals? Be careful: advertisers on social media sites have access to user data that tells them which groups, charities, and general interests you or your business supports or belongs to, so they know which items you're attracted to and likely to purchase. They may be offering amazing deals that are too good to be true to get you to click on their scam link to a malicious download. They may even be attempting to mimic a more well-known retailer. This leads to our next tip:
Stick with online retailers you already know and trust
With over 7 million online retailers globally and under 2 million of them here in the United States, it's essential to do business with trustworthy retailers given how much opportunity scammers have with online shoppers.
Shop only at reputable, official online stores and with mobile apps that you know and trust. If you see an item advertised at a significantly lower cost, research it to make sure it's safe. Now is not the time to experiment with new and unknown shopping websites for great deals. Pay attention to the URL or web address. Ensure the website address includes "https://" and the padlock icon appears to the left of the web address to know you're shopping on a secure site.
QR codes are trendy graphics you can scan with a smartphone that lead you to a predetermined destination, determined by whoever generates the QR code. Restaurants use QR codes to direct you to their menu, and retailers use them to redirect you to their sales, so attackers can just as easily use a QR code to send you to their scam or malicious software download site. Be sure the code is legitimate, or don't scan it at all.
Holiday-themed apps from mobile app stores are popular ways to create shareable, fun holiday content. Apple® App Store® and Google Play™ do what they can to keep nefarious apps off their platform, but they aren't always on top of every new app.
Last month a cybersecurity firm analyzed 75 publicly available holiday-themed mobile apps from the Apple and Google platforms. They assessed security and privacy risks on apps like Santa trackers, holiday photos, holiday games, holiday music, holiday lists, gift-giving, and others. The results were shocking: 94% had security issues and 82% leaked private data. Bah humbug!
Please do your research before installing a new holiday-themed game or wallpaper app from an unknown app publisher and be sure to check the permissions you grant them to access your data.
This wouldn't be a complete list without covering seasonal email scams that flood our inboxes during the holidays. Email scams take many shapes and have a wide range of ill-intentions for the unwitting, including installing ransomware, which is still the most common cyber threat to businesses.
The holidays are rife with email phishing scams, including cyber-criminals sending fake holiday e-cards with malicious links and stealing your personal and business information. Even though most people have heard of email phishing, 41% of Americans fell victim to phishing last year and nearly 90% of businesses were targeted.
Unfortunately, cybercriminals have become masters at mimicking legitimate emails from trusted brands and services, including banks, big-box stores, and shipping companies. An email advertisement can appear to be from a site you know and trust. Avoid opening email attachments, and if an email has typos or grammatical errors, play it safe by assuming it's a phishing email or a scam.
Confirm the sender's email address is legitimate, and remember to hover over links instead of blindly clicking on them. If an email looks legit but asks for private information, contact the business directly.
Beware of fake shipping notification scams
Consumers fall victim to fake shipping alert scams throughout the year, but it becomes a real problem during the holidays. Criminals know a perfect seasonal scam when they see one: due to the sheer number of people receiving deliveries and packages being shipped, almost anyone can fall victim.
Usually delivered as emails or text messages, these fake delivery notifications come from criminals who bank on everyone expecting package deliveries during the holidays.
Safeguard your credit card
When shopping online, it's better to use a credit card instead of a debit card tied directly to your bank account. Credit cards typically offer better fraud protection and suspicious activity alerts, too. Never give your credit card information openly over email, phone, or text; reputable banks and retailers won't ask you for this information in those forms.
Whenever you can, use gift cards or even a burner credit card. A burner credit card is one you use just for the holidays so that if you are compromised, you can deactivate that one card and be done.
Don't forget to be proactive and check your personal and business credit card and bank statements routinely. If you notice discrepancies or purchases you don't recognize, contact your credit card company immediately. Early detection of suspicious activity allows you to work more seamlessly with your financial providers to stop additional fraud and recover any lost funds.
Update your device and antivirus software
Do not forget to keep your device software updated and stay current with your antivirus releases. You can save yourself some trouble by setting those updates to occur automatically. Software updates not only make your devices work better, but they also often include security and protective measures to keep you safe.
It's no surprise that festive cybercriminals, joyful scammers, and merry fraudsters count on the hectic pace and giving spirit of the holidays. Don't be fooled or get so distracted that you lower your guard to let cybercriminals steal your money, rob your data, or compromise your computer systems.
By following these tips and tricks, you can stay protected and keep your business profitable. As a global provider of managed detection response services, eTrepid works with organizations, companies, and retailers to ensure that their infrastructure remains 24/7/365.
We analyze and protect the data going in and out of large organizations to watch for malicious intentions and thwart breaches before your data ends up in the wrong hands.