Customers are not the only ones feeling opportunistic about the great deals offered over the Black Friday/Cyber Monday period; cyber criminals are too. The large volume of SALE communications prompting customers to “Click Here” and receive the deal of a lifetime (for example) has created limitless ways for cyber criminals to cash in on unsuspecting victims. These communications come in the form of emails, SMSs and social media posts, all of which can be easily replicated by cyber criminals.
We consulted our tech expert Dennis Koome on how to stay safe when shopping online.
So what do you, the customer, need to do to stay safe?
Stop, Look and Think
How’s your internet security mindset?
– Have you ever looked yourself up online to see what information is out there about you?
– Have you clicked on any links in emails or on websites offering discounts?
– When shopping online, do you check the security status of the website?
– Have you paid attention to or customized your Twitter, Facebook, Skype and email security settings?
– At home, do you have an external backup source for your computer?
- Spam: Unsolicited bulk commercial email messages.
- Phishing: Refers to using deception via email to trick individuals into disclosing sensitive personal information or taking a potentially dangerous action, such as opening an infected attachment or visiting a compromised web link.
- Spear Phishing: Refers to a form of phishing where the attack specifically targets an individual or a group. Since the attacker has researched the target and crafted their attack accordingly, spear phishing attacks are more likely to succeed.
- Spoofing: Refers to tricking or deceiving you or your system. This is done by hiding the sender’s identity or faking the identity of another user. This may involve sending messages from a bogus email address of another user.
DO’s and DON’TS
DON’T:
- Open any email attachments that end with: .exe, .scr, .bat, .com, or other executable files you do not recognize.
- “Unsubscribe” – it is easier to delete the e-mail than to deal with the security risks.
- Respond or reply to spam in any way. Use the delete button.
- Ever click embedded links in messages without hovering your mouse over them first to check the URL.
DO:
- Check the email ‘From’ field to validate the sender. Keep in mind that this ‘From’ address may be spoofed.
- Note that www.eset.com and www.support.eset.software.com are two different domains.
- Check for so-called ‘double-extended’ scam attachments. A text file named ‘safe.txt’ is safe, but a file called ‘safe.txt.exe’ is not.
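The attachment and link checks from the list above, written as a small Python filter. This is an added example, not part of the original article; the function names and the list of harmless-looking extensions are assumptions, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Executable extensions named in the list above.
RISKY_EXTENSIONS = {"exe", "scr", "bat", "com"}
# Assumed list of harmless-looking extensions used to disguise the real one.
DECOY_EXTENSIONS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}


def attachment_warnings(filename):
    """Return the reasons an attachment name looks unsafe (empty list if none)."""
    # Trailing dots and spaces are dropped so 'safe.txt.exe.' is still caught.
    name = filename.strip().lower().rstrip(". ")
    parts = name.split(".")
    warnings = []
    if len(parts) >= 2 and parts[-1] in RISKY_EXTENSIONS:
        warnings.append("executable extension ." + parts[-1])
        # 'safe.txt.exe': a document-style extension sits in front of the real one.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
            warnings.append("double extension ." + parts[-2] + "." + parts[-1])
    return warnings


def link_matches_domain(url, expected_domain):
    """True only if the link's host is expected_domain or a subdomain of it."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare 'www.example.com/x' as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().strip(".")
    if expected.startswith("www."):
        expected = expected[4:]
    # Compare whole labels from the right: 'eset.software.com' is not 'eset.com'.
    return host == expected or host.endswith("." + expected)


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ["safe.txt", "safe.txt.exe", "setup.exe", "Invoice.PDF.SCR "]:
        print(repr(name), "->", attachment_warnings(name) or "no warning")
    for link in ["https://www.eset.com/sale",
                 "https://www.support.eset.software.com/sale"]:
        print(link, "-> belongs to eset.com:", link_matches_domain(link, "eset.com"))
```

The domain check is what hovering over a link does by eye: read the host name from the right-hand end, not from the first familiar word.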
Tips for Password Security
- Keep your passwords private – never share a password with anyone else.
- Do not write down your passwords.
- Use passwords of at least eight (8) characters (longer is better).
- Use a combination of uppercase letters, lowercase letters, numbers, and special characters (for example: !, @, &, %, +) in all passwords.
- Avoid using people’s or pets’ names, or words found in the dictionary; it’s also best to avoid using key dates (birthdays, anniversaries, etc.). Substituting look-alike characters for letters or numbers is no longer sufficient (for example, “Password” and “P@ssw0rd”).
- A strong password should look like a series of random characters.
- On the web, if you think your password may have been compromised, change it at once and then check your website accounts for misuse. At work, change your password at once, and then call your company’s IT Security help desk.
Be on alert for any email that:
- Asks you to reply (including sending an “unsubscribe” answer).
- Asks you to click any hyperlinks in the message (and that includes the “unsubscribe” link).
- Asks you to open an attachment.
- Asks you to forward the email message to others.
- Offers you the chance to gain something of value.
- Requires urgent, immediate action to avoid a negative consequence or to mitigate a threat.
- Asks you to resolve an urgent problem.
When shopping online, it is recommended to use your personal internet connection rather than a public WiFi connection, especially when you are required to enter passwords, banking details and personal information.
It is also recommended to secure all of your devices with internet security. Many of us forget about our phones or tablets when we think about security; however, these devices are still avenues of attack!