Attackers will resort to any tactic to trick users into downloading malware, handing over credit card data or compromising their machine. No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales to COVID-19 cures and news on nuclear weapons as part of their lures over the past year. And these spam attacks will only ramp up over the next month as consumers across the globe shop online for the holidays.
Adobe Insight’s recent “Holiday Shopping Forecast” predicts that spending for e-commerce will top R3 trillion during the holiday season for the first time ever. The report also specifically warned that there will be supply chain shortages this year due to the pandemic, which is likely to force online shoppers into long virtual queues or push them to shop even earlier than usual. These sorts of pressures can result in consumers taking less care when it comes to checking that their shopping experiences are secure.
While consumers always need to be diligent during the holiday season, supply chain issues this year linked to the COVID-19 pandemic could create even greater challenges and inspire new cyber scams, especially with popular video game consoles and other electronic products in short supply.
News is likely to move quickly around online shopping scams, security breaches and cyber-attacks starting the week of Black Friday, so here are some other important tips for avoiding holiday shopping scams:
- Do not use public or free Wi-Fi services when making online purchases, as these are normally unsecured and open to cyber criminals.
- Only download apps from trusted and official app stores like the Google Play store and iOS App Store.
- Look out for apps that ask for suspicious permissions, such as access to your text messages, contacts, stored passwords and administrative features.
- Some malicious apps will try to masquerade as a legitimate version of the one you could be searching for. Signs of these apps include poor spelling and grammar in app descriptions and interfaces, lack of high-quality performance and a developer contact that uses a free email service (such as @gmail.com).
- Avoid clicking on unsolicited emails. Make sure you purposefully subscribed to any marketing emails you receive from retailers before opening them and, even when you are sure you signed up, make sure your email system has security measures in place before clicking on random links.
- Use an ad blocker locally on your browser. These will often block any malvertising campaigns that aim to capitalise on shoppers looking for deals.
- Try to use payment services such as Google Pay, Samsung Pay and Apple Pay. These services use tokenisation instead of the “Primary Account Number” (your credit card number), making your transaction more secure.
- Use complex passwords that are unique per site. Attackers commonly reuse passwords to compromise multiple accounts with the same username. Use a password locker if you have a hard time creating and remembering secure passwords.
- Manually type in URLs to sites you want to visit rather than clicking on links, and ensure websites are secure (HTTPS) and have a valid security certificate.
- Use multi-factor authentication, such as Cisco Duo, to log into your email account to avoid unauthorised access.
By Conrad Steyn, Chief Technology Officer at Cisco South Africa