IntSights' Blog

Attention Shoppers and Retailers: 10 Safety Tips for Cyber Monday

by Itay Kozuch / November 20, 2018

Cyber Monday is less than a week away. For this year’s holiday season, analysts expect total sales to surpass $720 billion. That’s a lot of money changing hands, and as we’ve seen in previous years, any time there is a high volume of transactions and activity, cybercriminals will flock to get a piece of the action.

To help you stay safe on Cyber Monday and the rest of the holiday season, here are 10 safety tips both consumers and retailers should remember.

1. HTTPS is good, HTTP is not

When you are buying goods online (or entering any sensitive information, for that matter), always make sure that the address bar turns green or that the address starts with HTTPS.

2. Verify that the URL you’re using is the real URL

Phishing is one of the most common tactics used by cybercriminals, and that doesn’t change come the holiday season. Make sure you double-check the domain you’re browsing to ensure the site is legitimate. Cybercriminals will often set up URLs or subdomains that appear similar to those of a popular retailer. See one example below.

Real URL: https://www.amazon[.]com

Fake URL: https://amazon-produktideen[.]de
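
The check described in this tip can be automated. The sketch below is an added example, not code from IntSights; the `TRUSTED` map and the `classify` function are hypothetical names, and every sample URL other than the two shown above is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a hand-maintained map of trusted domain -> brand keyword.
TRUSTED = {"amazon.com": "amazon"}


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'not-https', 'invalid' or 'unknown'."""
    # Undo the defanged "[.]" notation used for the URLs on this page.
    cleaned = url.strip().replace("[.]", ".")
    try:
        parts = urlsplit(cleaned)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if parts.scheme != "https":
        return "not-https"  # tip 1: no HTTPS, do not enter payment data
    # Text before "@" is login info, not the site; treat it as a disguise.
    if parts.username is not None:
        return "lookalike"
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Brand keyword inside some other domain: the pattern shown above.
    if any(brand in host for brand in TRUSTED.values()):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [
        "https://www.amazon[.]com",                   # from this page
        "https://amazon-produktideen[.]de",           # from this page
        "https://www.amazon.com.deals.example/cart",  # constructed
        "http://www.amazon.com",                      # constructed
    ]
    for sample in samples:
        print(f"{classify(sample):10} {sample}")
```

The suffix comparison is what separates a real subdomain of the retailer from a domain that merely contains the retailer's name.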

3. When you create a membership account, keep these two password tips in mind

Account takeover and loyalty point fraud are among the fastest growing tactics used by cybercriminals. To protect against these attacks, it’s important to use strong passwords that make it difficult to break into your account. When setting up a membership or loyalty account, make sure your password follows these guidelines:

  • Use a strong password: at least 8 characters, with a mix of capital letters, numbers and special characters
  • Use different passwords for different accounts and websites in order to reduce the risk if one of your accounts is exposed

4. Be Wary of Offers Too Good to Be True

Many retailers offer big discounts for the holiday season, and attackers will use that against you by sending you fake promotions via email. There are a number of simple checks you can use to see if an email is legitimate or malicious. See the image below for a few of these checks. It’s always good to remain skeptical and not take any risks, even if the offer sounds enticing. If you are ever in doubt, don’t risk it by using links from the email! Instead, use any search engine to find the website you are looking for and see if the deal appears there.

5. Review your bank and credit card statements regularly

Credit card fraud is the quickest and easiest way for cybercriminals to buy goods illegally, and they often ramp up their activity throughout the holidays to have a better chance of “burying” a fraudulent transaction within a statement. Make sure you keep track of all your purchases and check your bank and credit card statements regularly to make sure no fraudulent purchases slip through the cracks.

6. Use an up-to-date browser and software

Updating your software is one of the easiest things you can do to protect your information, but many people put it off. Software updates are often released to help improve security and mitigate new vulnerabilities and attack types that are being developed constantly.

7. Don’t use public hotspots for online shopping

Free hotspots are like Manna from Heaven when you’re out and about, but hackers like them even more than you do. Because public networks aren’t secured, any information you enter on a public network is ripe for the picking.

8. Don’t use the “Keep my credit card details for next time” feature

We know it might be convenient to not have to enter your credit card every time you make a purchase, but if someone manages to get your account credentials, you’ve made it extremely easy for them to make a purchase with one of your cards.

9. Shopping applications are convenient, but also might be a danger

Last year, we saw a 469% spike in malicious applications appearing during the holiday season. This is a common tactic for cybercriminals, because once they get a user to install their program on a device, there are a variety of malicious tasks they can carry out. Mobile apps can make it much easier to do your holiday shopping, but you need to make sure you download your shopping apps from a reliable source, such as Google Play or the Apple App Store. Don’t use app markets that you found on the internet!

10. Be cautious with how much info you share

Many retail websites will ask you for additional information in order to complete your purchase or to start a wishlist. Give them only the information they require and skip any fields that are optional. This reduces the risk of your personal details or biases getting exposed online, where they can be used against you later for targeted phishing or further fraud.

From all of us at IntSights, happy holidays and stay safe online!

Tags: Retail Cybersecurity

Itay Kozuch

Itay Kozuch is the Director of Threat Research at IntSights. He is a cybersecurity expert with over a decade of experience managing cyber-security and threat research. Prior to IntSights, Itay served as a Manager and Head of Cyber Technologies at KPMG. He previously led cyber projects and served as a CISO for major companies in Europe, West Africa and Central America.