Avoid Online Scams and Shop Safely this Holiday Season

As malicious threat actors target online shoppers this season, consumers should adopt strong online safety practices to keep their holidays hack-free.

By: Secureworks
Black Friday and Cyber Monday mark the beginning of a busy online shopping season, and online and mobile shoppers should be wary of holiday cyber scams. Using the services of top criminal spam botnet operations, threat actors are able to send out tens of thousands of emails containing malicious attachments or links, often disguised as package delivery notifications, holiday coupons and gift cards for popular gift items, holiday e-greeting cards, or holiday photos from friends and family.
Be on alert with all emails, and do not click on any attachments or links before verifying with the sender that they sent the message. Many times these links or attachments don’t lead to the “deal of a lifetime” but to banking malware, ransomware, spyware or spam software. Also, avoid following links provided by pop-up ads, as these could lead to fraudulent sites made to look like legitimate websites.
Lastly, to obtain coupons and gift card offers from specific retailers, go to the retail site by typing the retailer’s website address directly into your browser. To help ensure a safe and hack-free holiday, shop safely this season with these tips.
- Make sure your device’s operating system, antivirus, and malware detection software are patched and up to date. Also, keep your browser and browser plugins (document viewers, music and video players, and rich content applications) patched and up to date.
- Beware of free wireless access. Cafes and restaurants commonly offer free wireless Internet access. Public networks introduce a variety of risks. An attacker may eavesdrop on information sent or received, resulting in a loss of confidentiality. ONLY use a trusted network when shopping online or performing ANY financial transactions.
- Always type the web address of your favorite shopping websites into your browser. Online ads and emails may direct you to bogus sites designed by cybercriminals to extract personal information.
- When making online purchases, look for HTTPS at the start of the web address in your browser’s address bar. The extra “S” after HTTP lets you know the website encrypts your connection, which provides a layer of security.
- Be cautious with websites, online ads or unsolicited emails that promote free offers or big discounts. Also, do NOT click on links or attachments in emails, which could infect your computer with malicious software.
- Make online purchases using a credit card with a small credit limit. This minimizes your potential exposure.
- Be wary of holiday greetings, news and pictures that include links or attachments. Verify their legitimacy with the sender before opening. Your friends’ email address books could have been hijacked by attackers.
- Do NOT follow the prompts in Microsoft Office document attachments. If you do accidentally click on an attachment and a pop-up message requests that you “Enable Macros” or that you “Update the Document” for it to be viewed correctly, then absolutely DO NOT enable either function. Hackers are likely using both the macro functionality and the Dynamic Data Exchange (DDE) functionality of Microsoft Office documents to deliver malware to their targets via weaponized Microsoft Office documents. Consenting to either action may execute the hackers’ malicious code on your computer.
- Never respond to emails from a bank or any financial institution that ask for account or personal information. Financial institutions rarely ask customers to update information via email, and they never ask you to disclose sensitive information via email.
- Avoid using weak or default passwords for any online site. Use a different password for each site; store your passwords securely; and auto-generate new, strong passwords with a password management tool like LastPass or KeePass.
- When possible, use a computer dedicated solely for accessing financial accounts, online purchases and paying bills. This computer should not be used for surfing the Internet or for emailing, the primary vectors for infecting your computer. This computer should also be used on a trusted network.