Cyber Monday full of identity theft risks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 Nov 2013 01:28:38 -0700
Scammers and hackers are gearing up for Cyber Monday and consumers should
keep their wits about them, be aware of the risks and remain sceptical of
offers that sound too good to be true.
Consumers are already doing more of their holiday shopping online. Even so,
Cyber Monday, the Monday after Thanksgiving, is expected to be the busiest
online shopping day of the season as retailers roll out a number of
specials to take advantage of that.
But be warned: scammers and hackers are gearing up for Cyber Monday as well
and one expert says Cyber Monday may be the most dangerous day of the year
when it comes to having your identity stolen.
“The best way to be secure on Cyber Monday? Yank the plug out,” said Bob
Bunge, a cyber security specialist and engineering professor at DeVry

Christmas for scammers

While it's true that scammers run their “phishing” attacks all year long,
Bunge and other security experts he consults with have seen the intensity
level build since the start of the holiday shopping season, especially
since so many retailers are jumping the gun on Black Friday and offering
online deals now. But he expects activity to spike on Cyber Monday.
“The reason is consumers are expecting to get a bunch of screaming good
offers from retailers they've done business with,” Bunge said. “It's the
one day of the year that if Walmart says they'll sell you a TV for $10 you
might be inclined to believe it. Only it isn't Walmart making the offer.”
Instead, it could be someone in another country hoping you will click on
the link in their email, which could either send you to a bogus site and
entice you into revealing sensitive information, or download nasty malware
to your computer – or both.

Avoid wireless connections

Bunge offers a few tips for staying out of trouble on Cyber Monday – short
of unplugging your computer for the day. First, he says, avoid making
online purchases using a wireless connection.
“Especially avoid using wireless connections in a public space, like an
airport or a coffee shop,” he said. “I was at a conference today where they
had an open wi-fi connection for everyone to use. Well, that's great but
it's not a place to do your shopping.”
Home networks are a bit safer, assuming you have good security on your
connection. But even then Bunge says you are not completely safe,
especially if you live in a high-density area where many of your neighbours
can pick up your wireless network. If one of your neighbours happens to be
a skilled hacker who can get past your security, you're vulnerable. Better,
he says, to place your orders with a computer hard-wired to your network.
“All things being equal, wired beats wireless when it comes to the security
of your connection,” Bunge said.
Another piece of advice – never click on a link in an email.
“If you like the way the URL looks, if it looks legit, then re-type it in
the address window of your browser, don't click on it,” Bunge said. “The
reason being, a hacker can type a legitimate web address, like
www.amazon.com, in the email but make that link take you somewhere else.”
Make sure your software is up to date. Most software updates address
security issues so consumers, where possible, should opt for automatic
“Two of your major security issues are Java and Flash, which are
third-party browser enhancements,” Bunge said. “And the reason they are
security issues is because people don't update them. There are all kinds of
known exploits against the older versions and if consumers aren't updating
those packages, that's something attackers will exploit.”
At the same time, Bunge says consumers need to beware of bogus update
prompts that try to get you to download malware or spyware. Always make
sure you are getting your updates straight from the vendor's website.
A savvy online shopper will also try to limit their risks. One way to do
that is to use only one credit card for online purchases.
“If something bad happens you only have one card that has been
compromised,” he said.
Finally, consumers should keep their wits about them, be aware of the risks
and remain skeptical of offers that sound too good to be true. Bunge says
the most effective online scams are usually the simple ones – “You've won
an iPad! Click here!”
While it may seem that the Internet has made the world a scarier place for
consumers, Bunge says the world has always been pretty scary.
“The Internet hasn't changed human nature,” he said. “It's made it more
convenient for liars to lie.”
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
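
The article's point that an email can display www.amazon.com while the link goes somewhere else can be checked mechanically on the receiving side. The following is an added example, not part of the original post or article: it flags anchors in an HTML message whose visible text looks like a web address but whose href resolves to a different host. The sample message and the .test hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible link text that itself looks like a web address (scheme optional).
URLISH = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def shown_host(text):
    """Host the reader sees in the link text, or None if the text is not a URL."""
    m = URLISH.match(text.strip())
    return m.group(1).lower().removeprefix("www.") if m else None

def href_host(href):
    """Host the link actually targets; empty string if the href is unusable."""
    try:
        return (urlsplit(href).hostname or "").lower()
    except ValueError:
        return ""

def same_site(shown, actual):
    # Accept the shown host itself or a subdomain of it, nothing else.
    actual = actual.removeprefix("www.")
    return actual == shown or actual.endswith("." + shown)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = shown_host("".join(self.text)), href_host(self.href)
            if shown and not same_site(shown, actual):
                self.findings.append((shown, actual))
            self.href = None

def audit(html):
    """Return (displayed host, real host) pairs for every mismatched link."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

SAMPLE = """<a href="http://deals.shop-example.test/tv">www.amazon.com</a>
<a href="https://www.amazon.com/gp/css/order-history">https://www.amazon.com/</a>
<a href="http://www.amazon.com.login.example.test/">www.amazon.com</a>
<a href="http://tracker.example.test/c?id=1">Click here!</a>"""  # constructed
```

Links whose text is not a web address ("Click here!") are outside this check; it only catches the case where the displayed address and the real destination disagree.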