Cyber Risk Aware Blog

Tis the Season To Stay Safe Online!

[fa icon="calendar"] 20-Nov-2018 10:09:47 / by Stephen Burke

Stephen Burke

It is true that with the onset of the holiday shopping season there is a dramatic up-tick in activity in both the eCommerce world and the cybercriminal.   Black Friday and Cyber Monday have now become international shopping events and they are no longer one weekend but seem to go on for three to four weeks.  So, with consumers seeing increases in offers, promotions and coupons coming out in emails or SMS messages (SMiShing is the growing threat) as well as all those order confirmations, payment requests and shipping messages there are rich pickings for the cybercriminal who wants to swim in tide of communications hoping to de-fraud some unsuspecting consumers.

 

So here are some basic hints and tips that you should consider – in order to keep yourself safe at home and at work during this holiday shopping period.

  1. Ensure that the E-commerce website you are using has an HTTPS connection with a valid encryption certificate. This advice has not changed and indeed all reputable websites should now be running on https. Simply don’t visit or give a site any details that is not implementing this level of security.
  2. Setup Two Factor authentication on all your eMail accounts, social media accounts, VPN’s and Financial accounts. If there is a single step that will help keep criminals away from your data this is it. What this means is that even if a criminal gets your password, they will need something additional like your mobile phone in order to be able to log into your account. Have a look at  twofactorauth.org   
  3. Always use strong passwords. They need to be longer than fourteen characters in length with capital and lower-case letters, numbers and a special symbol and NO dictionary words.  Think passphrase instead of password.  Use a reputable Password manager if you must to manage these. Do not re-use passwords across different accounts
  4. Be cautious about online offers. The old maxim if it is too good to be true it probably is.  You simply do not get picked at random to win a prize when you didn’t enter for it in the first place.
  5. Review and understand the details of any eCommerce Mobile App you download. Make doubly sure that you are only downloading this from a trusted app store or a trusted retailer.  RiskIQ has reported that 1 in 10 mobile apps related to Black Friday are blacklisted.
  6. Do not conduct sensitive activities like Online shopping or Banking using a public wi-fi network. Free Open Wi-FI networks are a hackers dream for getting your data because of the pack of security measures.
  7. Think and check before you click on any link in your eMail or in your SMS messages. Phishing continues to be the number one way that criminals get their hands on your data. It continues to grow with Cyren reporting for example an increase of 172% in active Phishing URLs up to the end of last year to over 10 million.
  8. SMiSHING is a growing threat you need to be as vigilant when clicking on links in SMS messages as email. Especially now as many logistics companies use SMS to improve the delivery experience. Check where the link is going to. If you don’t recognise the sender – do not click.  Criminals will also try to use variations of major eCommerce brands and Logistic companies to fool you into going to places you should not. 
  9. Make sure you run anti-malware and virus software on your computers and your smart phones. They are a must but they will not stop everything as virus writers write in excess of 50,000 new viruses every day.

 

There is not much new in these tips but it continues to be surprising how many people do not follow them.  The excuse that I am not tech-savy is not valid and a dangerous position to take.  Take the time to secure your devices and be safe while shopping online this Holiday period. 

Topics: Phishing, securty awareness training, smishing

Stephen Burke

Written by Stephen Burke