As a reaction to the news that Brits will spend 96 million hours buying Christmas presents online and will spend £650 million online, online security firms Tripwire and AppRiver have further online security research, warnings and tips in time for the holiday season:
Tripwire recently surveyed 2,011 consumers from the U.S. and U.K. to evaluate their online cybersecurity awareness. The results revealed that more than 40 percent believe emails from “trusted brands” are safe to click, and nearly a quarter of respondents (24 percent) anticipate doing at least part of their holiday shopping while at work.
Other survey findings include:
Over a quarter of respondents (26 percent) believe links contained in subscription emails and newsletters are ‘safe.’
23 percent believe links sent from trusted associates are safe to click.
Only 28 percent of consumers believe it is never safe to click on email shopping links.
24 percent plan to do at least some of their holiday shopping at work.
“Cybercriminals are very resourceful, and they know that the siren song of a good deal is almost always irresistible to bargain hunters,” said Dwayne Melancon, chief technology officer at Tripwire. “The number one reason to click is trust in a brand, which isn't good – I have seen some very convincing phishing emails and bogus websites that look nearly identical to the real thing. Shoppers need to look beyond the facade of convincing branding to make sure they aren't being conned into clicking on a bogus link.”
Troy Gill, Manager Security Research at AppRiver has the following online security warning and tips:
“Scammers take advantage of busy times of the year, particularly the holiday season when countless users jump on online to make purchases, track orders, check mail, etc.
“Don’t let these scams take away your holiday spirit this year:
Fake Purchase or Delivery Receipts – It has become a very popular ploy for malware authors to send “purchase receipts” during the holiday season. These fake receipts are meant to either 1) lure recipients into believing someone has made unauthorized purchases on their behalf, or 2) lead recipients to believe that they ordered something online that has shipping issues.
Monitor Accounts Closely- If you have not already had your credit card information stolen, consider yourself lucky. With data breaches occurring at staggering levels and regularity these days, it’s a good idea to monitor your accounts. Take a few minutes several times a week to log in to your credit and debit card accounts to review all charges and verify that they are legitimate.
Unsecured WiFi- Its best to avoid making online purchases while connected to a publicly-available WiFi signal since it leaves you vulnerable to attack. If you must use public WiFi, do your best to ensure that you are connecting to the correct WiFi provider and that its using a valid SSL certificate. Also, look to see if your signal matches the name of your home or office WiFi signal. If it does, that’s a major red flag and could indicate that you are about to fall victim to a man-in-the-middle attack.
Fake Holiday eCards – If you don’t recognize the sender, delete it. If the email is not addressed to you specifically, delete it. If you’re instructed to download an “executable program,” delete it. Got it?
Fake Holiday Products – Fake products are often promoted via spam emails. If you don’t recognize a company then do yourself a favor and refrain from making a purchase until you’re certain it is a legitimate business.
Fake Holiday Promotions – Similar to the fake product scams, these promos appear online and offer “huge discounts” or other creative ways (i.e., survey, entering contact information) for users to get the latest gadgets for free! Remember, if it’s too good to be true then it probably is.
PayPal/eBay Phishing – Do not follow links within an email if you are unsure who the sender is. A frequent trick spammers use during the holidays is to embed links to a fake eBay or PayPal log-in page. Rather than follow the links, type it directly into your browser.
“A simple rule of thumb is to refrain from taking action on the content of unsolicited emails- clicking links, opening attachments or making investment decisions. Stay away from questionable websites and make smart choices when navigating from search engine results to web pages. Cybercriminals know how to make their malicious sites appear near the top of your search results and use this tactic more often than you think.
“Make sure your computer’s software remains up to date, and go ahead and uninstall unused software programs because all too often they become forgotten, unpatched and create yet another target option for attackers.
“This holiday season, why not give yourself the gift of multi-layered security: a properly-configured firewall, anti-virus solutions, and email and web filtering products from reputable security companies.”