Holidays and the cybercriminals

Written by Alain Penel, Regional Vice President – Middle East at Fortinet

For most of the world, the holiday season is just around the corner. And in our increasingly connected world, that involves more online activities, from shopping and entertaining to socializing and planning, than ever before.

Retailers are gearing up for the biggest online shopping season of the year. They are updating their web presence, adding additional compute resources, prepping their packaging and delivery systems, and stocking their warehouses with inventory. That’s because in today’s highly competitive digital marketplace, it is imperative that online shoppers quickly find what they are looking for and don’t experience any delays when making online transactions. Unhappy consumers will not only leave a site to shop somewhere else with the swipe of a thumb, they will tell their friends about their experience as well.

But all of this online activity isn’t limited to the sofa. Even when shopping at a mall, big box retailer, or Mom & Pop boutique, shoppers are connected online. They are uploading photos of items they are considering to their friends and family, comparing prices, reading reviews, and interacting on social media.

Cybercriminals love the holidays too
Unfortunately, the holiday shopping season is also a big event for cybercriminals. Nearly two-thirds of organizations, including online retailers, saw severe exploits targeting their networks during the past quarter. And the number of compromised web sites, charity scams, email phishing campaigns, malicious web access points, and even fake shopping sites will all explode over the next two months. And all of them have been designed to steal your personal and financial information.

So, in addition to checking your credit card balances and making out your shopping lists, you also need to take precautions before doing any holiday activities online, whether shopping for gifts, sharing information with friends over social media, or looking up a recipe for the perfect cranberry sauce. If done right, the Internet can be a safe and convenient way to enjoy and share the holidays – but only if you follow a few simple rules.

Be careful how you connect to the Internet
Public Wi-Fi sites are a haven for criminals looking to intercept your connection and use it to steal passwords, banking or credit card information, and other personal data. If you are looking to connect to Wi-Fi, for example, take a second and ask someone the name of the access point being sponsored by the store, because not every open access point is safe to use. Someone advertising “Free Wi-Fi” may be connecting you to the Internet through his device, which means he can see and capture all the traffic moving between you and your online shopping site, bank, or social media accounts.

And even if you are connected to a legitimate access point, make sure that the sites you are using are protected using SSL, or consider using a VPN service to protect your transactions. Unencrypted data, even if it is just moving a few feet from your device to a local wireless router, can be intercepted or compromised.

Manage your mobile devices
One of the most frustrating experiences mobile device users used to deal with was always having to negotiate a connection to the Internet, even when at home. Modern phones have addressed that problem by always actively searching for the wireless devices you usually connect to. And any access point you have connected to in the past, whether from a hotel or a coffee shop, is probably on that list of familiar devices. And once your phone finds a network it thinks it knows, it will automatically try to connect to it.

But there are tools available to criminals that can detect the name of the devices your phone is searching for and then pretend to be one of those devices. That means you may be connecting to a compromised access point even when your phone is in your pocket and you are browsing through a rack of holiday sweaters. That is why, when you are away from home, you should always disable the auto-connect service on your device.

Only download legitimate apps from legitimate sites
Recent reports show that mobile devices running an Android OS are a growing cybersecurity concern, and are especially susceptible to compromise, most commonly by downloading infected applications. According to one report, over three million new Android malware samples were discovered last year, and one of those malware apps managed to infect over 500,000 Android devices. Many of these apps hide on a device and monitor web and application traffic. During the holidays, when more online shopping occurs than any other time of the year, the chance that a compromised app can intercept your financial or other personal information is especially high.

To combat this challenge, first, only download apps from legitimate application sites and never allow installations from “unknown sources.” Second, download a security tool from a legitimate app store and scan your device to see if it has already been compromised.

Think twice before shopping at an unfamiliar online store
If you are shopping at an unfamiliar online store, the best place to start is to be skeptical. Unusually low prices and high availability of hard to find items are red flags for scams. Sure, there are some good deals out there. But people invented the phrase “too good to be true” for a reason. If you are going to shop at an unfamiliar online store, follow some basic strategies to protect yourself and your assets:

  • Before you click on a link, hover your mouse over it. This should reveal the URL address it is connecting you to. Look at it carefully. Is the name too long or does it contain lots of hyphens or numbers? Does it replace letters with numbers, such as If so, don’t click on it.
  • The better choice is to a) enter the name of the site into your search engine to see if anyone has complained about it, and b) go directly to the site rather than clicking on the link. A legitimate retailer will provide you with access to any authentic deals advertised online.
  • Once you connect to the retailer, take a minute to look at the website. Does it look professional? Are the links accurate and fast? Are there lots of popups? These are all bad signs. Bad grammar, unclear descriptions, and misspelled words are other giveaways that the site is probably not legitimate.
  • Before you start shopping, take a look at the checkout system. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment. Then make sure that it accepts major credit cards. You will want to use your credit card and not your debit card if you decide to make a purchase as most credit cards have built-in fraud protection and they are not directly connected to your checking or savings account. Check with your bank or your card provider to learn more about what protections your card provides.
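
The link checks in the first bullet above, together with the earlier advice to use SSL-protected sites, can be turned into an automated pre-click check. The sketch below is an added example and is not from the article or from Fortinet; the thresholds, the retailer name "examplestore", and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed thresholds: the article names the warning signs but gives no numbers.
MAX_HOST_LEN = 30
MAX_HYPHENS = 2
MAX_DIGITS = 3
# Hypothetical retailer name the shopper already trusts (constructed).
KNOWN_RETAILERS = {"examplestore"}
# Digits commonly swapped in for letters: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t.
LOOKALIKES = str.maketrans("013457", "oleast")


def link_red_flags(url):
    """Return the article's URL warning signs that apply to this link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")            # traffic would not be encrypted
    if len(host) > MAX_HOST_LEN:
        flags.append("long-name")
    if host.count("-") > MAX_HYPHENS:
        flags.append("many-hyphens")
    if sum(c.isdigit() for c in host) > MAX_DIGITS:
        flags.append("many-digits")
    # A label that only becomes a trusted name after undoing digit swaps
    # is imitating that name.
    for label in host.split("."):
        plain = label.replace("-", "")
        undone = plain.translate(LOOKALIKES)
        if undone != plain and undone in KNOWN_RETAILERS:
            flags.append("digits-replace-letters")
            break
    return flags


if __name__ == "__main__":
    # Constructed sample links, not real sites.
    for sample in (
        "https://www.examplestore.example/deals",
        "http://examp1est0re.example/gift-cards",
        "https://best-holiday-deals-4821-store-99.example/",
    ):
        print(sample, "->", link_red_flags(sample) or "no flags")
```

An empty result only means none of these surface signs were present; the remaining bullets (searching for complaints, going to the site directly, inspecting checkout) still apply.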

As our ability to purchase items, make online transactions, and connect to others through smart devices gets easier, we need to understand that these conveniences come with risks. Cybercriminals are determined and informed on the latest trends and how to exploit them. That is why we need to take the time to educate ourselves – and our friends and family – about shopping carefully so we can have a happy and safe holiday season.