Expert Advise In Relation To CISA Warns Of Holiday Online Shopping Scams

With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
November 25, 2020 7:40 pm

The holidays are a time of great joy and reflection for many people on their accomplishments and achievements throughout the year. It is a time of joy and love and appreciation for family and friends. Unfortunately, the holiday joy can soon become misery because of the growing risk cyber thieves pose to shoppers and holiday revellers. Be safe and be on the lookout for cybercrime attempts that might just come across your personal devices through phishing emails and other scams. Diligence will reduce the holiday shopping risks facing every shopper around the world this year.

Never click on the links you receive in emails as they could be phishing scams. One of the most popular scams run by hackers is a phishing email purporting to be from a retailer with a great holiday offer of 25% or 50% in total savings. Be suspicious and instead, cut-and-paste the promo codes in the emails and go directly to the retailer\’s websites for more information.
Never visit dubious websites and do not download anything.
Keep your mobile devices up to date with the latest software updates. Never download mobile shopping apps from unofficial or unauthorized sources. Most legitimate apps are available from Apple\’s App Store or Google Play Store. Hackers prey on consumers and dupe them into downloading fraudulent apps laced with malware.
Don\’t fall for smishing (SMS phishing) attacks where hackers infiltrate mobile devices through social engineering, where consumers knowingly or unknowingly divulge personal information. Hackers will send consumers fake text messages to lure victims to click on malicious links, which directs them to malicious web pages.
Consumers should monitor their credit cards daily during the holiday season for suspicious and unauthorized charges.
Consumers should pick one of their credit cards or debit cards for their holiday shopping purchases to more easily manage and monitor transactions. Consumers should consider putting a temporary hold on all but one or two credit accounts during the holiday season.
Because data breaches lead to password theft, consumers need to regularly update their passwords. Do not use the same passwords repeatedly. Surprisingly, consumers still use passwords such as \’password\’ or ‘1234567.’ Consumers should also consider using a password manager because they are easy to use and are safe. Reputable products include, NordPass, LastPass and 1Password. Some companies are offering FREE 30-day trials on their services.

Jonathan Knudsen, senior security strategist at Synopsys, added \”Online holiday shopping this year will be more popular than ever, as the global pandemic encourages shoppers to stay home. Consequently, we can expect to see an increase in cybercrime and scams. The best way to make better software is by incorporating security at every phase of the development process. When designing software, vendors should use threat modeling to incorporate features that thwart attacks. Defense in depth and other secure design principles should be used. When building and testing software, vendors need to integrate automated security testing to find and fix more vulnerabilities before release. Unfortunately, consumers don’t have visibility into how apps and web sites are built, so it is nearly impossible to assess the risk of using a particular piece of software.

However, consumers can take proactive steps to protect themselves. Keep system software and applications up to date to guard against known vulnerabilities. Protect accounts with multifactor authentication whenever possible; strong, hard-to-guess passwords are recommended. As always, be wary of anything that seems too good to be true, particularly unsolicited emails or texts offering free gift cards. Research unfamiliar web sites to determine legitimacy.

When application developers build security in, and consumers follow best practices, we will have a safe and enjoyable online holiday shopping season.

Last edited 1 year ago by Sam Curry
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x