Four tips for secure online holiday shopping

With the release of this year’s Cyber Aware Campaign, Alex Hinchliffe, threat intelligence analyst at global cybersecurity leader, Palo Alto Networks, shared some practical advice for how to stay safe when doing your holiday shopping from your work and home devices:

1. Protect against ransomware by separating work and personal devices.
“Ransomware continues to be a serious security threat. We see consumers working from home and shopping on their work devices get targeted by attackers. The goal for the attackers would be to compromise the consumer’s work device, get on the corporate network and infect the organisation      with ransomware.

Consumers should remember to do their work stuff on their work device and their personal stuff on their personal device. It’s far too easy for someone to use a password vault or other credential store to keep personal and corporate passwords. Information stealing passwords could steal both. This avoids giving attackers an opportunity to target a consumer’s employer.

The risks for organisations from ransomware attacks that shut down essential systems and steal data are huge. The size of both demands made by cyber criminals and pay-outs is rising sharply, and no organisation, large or small, is immune from an attack. Inadvertently letting a ransomware gang into your employer’s systems is the worst possible holiday gift.

2. Examine festive email offers carefully to avoid phishing scams.
The most common way attackers get into your computer is via a phishing email.

Even more so than usual, during the holiday shopping season, consumers should be on the lookout for a variety of phishing scams, such as fake delivery notices, fake order confirmations and bogus charities.

Remember to think before you click. Don’t click on links from unknown sources. If a deal or offer seems too good to be true, it is.

3. Double-check domain names to ensure you’re visiting the website you intend to visit.
Cybersquatting is where cybercriminals register website domain names that appear related to existing domains or brands, with the intent of profiting from consumers’ typing mistakes. The purpose of squatting domains is to confuse consumers into believing that legitimate brands own these similar sounding domain names.

With consumers doing so much of their festive shopping online, attackers will be active in setting up squatting domains that are like the stores where people love to shop. For example, we frequently find Amazon is one of the top abused domains.

Consumers should make sure they type domain names correctly and double-check that the domain owners are trusted before entering any site. Look for that lock symbol or the “https” in the browser.

4. Keep an eye on credit card statements to catch formjacking attacks
A top festive cyber scam threat is formjacking, where cybercriminals inject malicious software      code into a webpage used by the consumer to purchase something or share personal information. This scam is designed to steal your credit card details, and other personal information from payment forms that are captured on the “checkout” pages of shopping websites

The challenge for consumers is that formjacking attacks can be difficult to detect. Your transaction will go through, but behind the scenes, attackers are stealing your credit card information – and could potentially be sold on the dark web.

Consumers should make sure to double-check their credit card statements to ensure there’s no suspicious activity.

In general (not just related to formjacking), consumers should always use a credit card, or prepaid gift card, when making purchases online. This ensures a quick resolution if a cybercriminal gets the card information and makes, or tries to make, a purchase. With prepaid gift cards, in particular, it also limits the amount of money a cybercriminal has the potential to steal.”