Early shoppers are not the only ones excited about Cyber Monday. Online criminals are also eagerly awaiting the biggest online shopping day of the year!
Cyber Monday sales are expected to rise 12% from last year, to reach a staggering $3 billion, according to Adobe Digital Index. Online retailers are preparing with glee to service every customer to take their share of this year’s sales windfall. The number of transactions will be staggering, with people scouring the web for deals, entering credit card data, using electronic currency, providing email and shipping addresses, and spending money in large amounts. Websites, credit cards, and shipping companies will compensate for this expected surge.
From a cyber criminal’s point of view, these activities are all huge opportunities to steal your credit, obtain your personal information, infect your system, and extort money from you. Cyber threats can turn your best shopping day into a terrible nightmare.
Let me introduce you to the threats:
Data Harvesters work to collect and aggregate personal data, so they can sell it to criminals and advertising networks. They lure people in with ads, spam, phishing, and fake websites offering insanely good deals, so victims will happily input their personal information and credit card information.
Credit Card Fraudsters
Credit Card Fraudsters use stolen account information to order products and services. With the vast number of transactions, many of high value, it is a great time for them to obtain pilfered card numbers and use them across the web. It is more difficult for merchants and credit companies to identify fraudulent transactions on Cyber Monday, even for big ticket items.
Phishing & Spam Masters
Phishing and Spam Masters assist Bot Herder, Malware Distributors, and Ransomware Extortionists. Phishing is typically conducted via email, text message, or social media post. It works by luring the victim to visit a maliciously crafted webpage, open a file, install an application, or click a link. The result can infect the system with all manner of malware or get the unsuspecting victim to voluntarily provide sensitive data.
Bot Herders are continually looking to grow the number of systems they can control via a remote connection. They install malware on victim’s devices which allow them to harvest information and use the group of controlled systems to collectively attack other targets. Bot Herders participate in Distributed Denial of Service (DDOS) attacks to bring down websites and click-jack scams to generate ad-revenue. They can also turn their victims into communication relays to hide other attacks or generate and distribute spam/phishing campaigns.
Ransomware Extortionists conduct one of the more vicious types of online attacks. These criminals use malware to hijack important files on a user’s systems and encrypt them. This makes them unusable by the owner. They may target financial records, important documents, family photos, online game accounts, etc. then demand payments of hundreds of dollars to unencrypt them. This is a savvy and very popular extortion method which is becoming a growing problem worldwide. They are always looking for new victims.
Website owners need to be online and functioning properly to showcase their wares, service prospective customers, and process digital transactions. No retail company wants their site to be down. Cyber Monday, of all the days is the most critical. Denial of service extortionists capitalize on this fear and demand protection money from sites, with the threat of launching an attack which will interfere with their customers’ ability to reach the site. These criminals may employ Bot Herders to send a flood of traffic or they may simply find internal weaknesses on the hosting site to corrupt the web portal. Either way, even being down for a few precious minutes can cost a retailer a significant number of sales.
Don’t be a victim! Here are some recommendations to avoid the drama and have a great Cyber Monday:
1. Shop only with trusted vendors.
Search for ratings and reviews from people you trust. Make sure they have a secure website.
2. Use a credit card instead of a debit card.
Credit cards offer more security and protection. Keep a close eye on your statements for fraudulent charges and immediately report any unauthorized transactions to your credit card company.
3. Don’t fall for phishing or spam in emails, texts, or social media apps.
Never click on embedded elements or links to open an attachment in messages that are sent to you. These links can hide their real destination. Instead, open a new browser tab and type in the vendor site yourself (no cut/paste cheating). Be suspicious of emails and texts from your bank, a retail vendor, or police/FBI. These are favorite entities that spammers love to impersonate. Criminals will even title their messages with warnings of “fraud alert”, “order confirmation”, and “transaction validation” to get victims to open and click on links. Be careful!
4. Avoid online scams.
If the deal seems too good to be true, it probably is. Beware of ads, and links in email/texts. You won’t know where they will take you until it is too late. Use common sense as incredibly inexpensive products may be counterfeit or non-existent altogether.
5. Only download mobile shopping applications from a trusted source and vendor.
Stick to the approved Apple and Android stores. Avoid any application which asks for your credit card number to help you shop.
6. Beware of Ransomware.
Make sure you have a good and up-to-date anti-malware solution installed. Backup your files, passwords, important documents and treasured pictures to an offline drive. I prefer convenient USB drives which are very inexpensive (and also make a great stocking-stuffer holiday gifts).
7. If you have to establish an account on a shopping site, create a unique password (don’t reuse) just for that site.
Use a password manager if needed and backup that password file offline.
And there you have it. Keep yourself safe and secure for this year’s Cyber Monday bonanza.
Have more tips or looking for additional insight? Join me on Twitter to continue the conversation @Matt_Rosenquist