2021 has been another strange year. Since 2020, the COVID-19 pandemic has changed our everyday lives – particularly the way we celebrate the festive season. As a SOC Analyst at CommSec, my mind goes to helping people stay safe online this Black Friday Weekend.
Just as the decorations seem to go up earlier and earlier each year, the surge of online shopping seems to start earlier every year too. That used to be the unofficial start to the holiday shopping season, followed by Black Friday and Cyber Monday. Recently, we got a new shopping day: “Singles Day”. Every year on 11 November, millions of people in China and other parts of the world celebrate Singles Day. What started as an anti-Valentine’s Day celebration invented by young Chinese singletons has gone on to become the largest shopping day in the world.
However, with an extended festive shopping season – one that will be predominantly online due to COVID-19 – come more opportunities for cybercriminals to target consumers with a variety of attacks.
To help you avoid the top four threats that consumers should be aware of, here are CommSec’s cybersecurity tips for safer online shopping.
Protect against ransomware by separating work and personal devices
2021 is the year that ransomware surged throughout the globe. While attackers have been busy during the COVID-19 pandemic, primarily targeting healthcare organisations and governmental and educational institutions, we may expect consumers shopping online to be targeted by attackers too.
In the current situation, where people have the option of working from home, it is important to understand the difference between using a work device and a personal device. In this festive season, online shopping offers tempt users to buy things, while on the other end an attacker is waiting for the user to do exactly that. If the user is on a company device rather than their personal one, this might lead to malware spreading through the organisation.
The attacker’s goal would be to compromise the user’s work device, get on the corporate network and infect the organisation with ransomware. Users should remember to do their work on their work device and their personal tasks on their personal device. This avoids giving attackers an opportunity to target a consumer’s employer.
Tempting offers! Be careful to avoid getting phished.
The most common threat vector for attackers is the phishing email because it is easy and it works.
The holiday shopping season is an attractive platform for scams, with a variety of phishing scams such as fake shipping notices, fake order confirmations and bogus charities. Often these emails look like they were sent from legitimate companies like An Post and DHL.
Avoid offers that ask you to share them with friends or family to get vouchers and discounts on products. By sharing those offers with those near to you, you drag them into danger too, the same way COVID-19 spreads through contact with each other.
Remember to think before you click. Don’t click on links from unknown sources. If a deal or offer seems too good to be true, it probably is. Also check out our last blog post on what to do if you do click on a phishing link.
Are you visiting the website you intend to visit?
One of the top threats that CommSec has observed this year is cybersquatting, where cybercriminals register domain names that appear related to existing domains or brands, with the intent of profiting from users’ typing mistakes. The purpose of squatting domains is to confuse consumers into believing that legitimate brands own these domain names (for example, convincing people that tesco24hr[.]com belongs to Tesco).
With consumers primarily doing their holiday shopping online again this year, attackers will be active in setting up squatting domains that resemble the stores where people love to shop.
Consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site. Look for the lock symbol or the “https” in the browser. Avoid websites that show “http” or an unlocked symbol in the browser, as they are not trusted.
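The same double-check can be done mechanically, for example in a mail filter or a browsing-proxy rule. The sketch below is an added example, not CommSec's code: the allowlist, the suffix set and the function names are assumptions, and every sample host other than tesco24hr[.]com is constructed.

```python
# Assumed allowlist for the example: brand label -> domain the shopper means.
TRUSTED = {"tesco": "tesco.com", "dhl": "dhl.com"}
# Minimal stand-in for the Public Suffix List (assumption, not complete).
TWO_PART_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host):
    """Return the part of the host that someone actually registered."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return 'trusted', 'lookalike:<brand>' or 'unknown' for a host name."""
    host = host.replace("[.]", ".").strip().rstrip(".").lower()  # undo de-fanging
    reg = registrable_domain(host)
    if reg in TRUSTED.values():
        return "trusted"
    own_label = reg.split(".")[0]
    for brand in TRUSTED:
        # Brand name embedded in any label: tesco24hr.com, tesco.com.offers.example
        if any(brand in label for label in host.split(".")):
            return "lookalike:" + brand
        # One typo away from the brand (longer names only, to limit noise)
        if len(brand) >= 5 and edit_distance(own_label, brand) == 1:
            return "lookalike:" + brand
    return "unknown"


if __name__ == "__main__":
    # Constructed sample hosts, plus the page's own tesco24hr[.]com example.
    for h in ["www.tesco.com", "tesco24hr[.]com", "tesc0.example",
              "tesco.com.offers.example", "bookshop.example"]:
        print(f"{h:28} {classify(h)}")
```

The allowlist has to name every official domain a brand really uses, otherwise a genuine regional site is reported as a lookalike.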
Don’t forget to check card statements, formjacking is about!
The challenge for users who are doing their holiday shopping online is that formjacking attacks are difficult to detect. Your transaction will go through, but behind the scenes, your credit card information is being stolen by attackers – and could potentially be sold on the dark web. During this festive time, users should always make sure their credit card statement is as expected and that there is no suspicious activity associated with it.
Users should not hesitate to use a credit card or a prepaid gift card when making an online purchase, as it is a quick way to pay. With a credit card you can keep an eye on the card statement, while a gift card limits the amount of money a cybercriminal has the potential to steal.
Happy shopping, stay safe!
Zeel Jani is a SOC Analyst at CommSec