The holidays typically bring sales, parties and, unfortunately, scammers seeking to play the Grinch with others’ presents and money, cybersecurity experts say.
Cybercriminals have developed “a slew of tactics to trap online shoppers” and separate them from their banking, credit card and personal data, says Saket Modi, CEO of Safe Security, based in Palo Alto, California.
Mr. Modi recommends that consumers be particularly wary of “holiday deals” emails that appear to come from institutions like Amazon or a cellphone company and ask recipients to confirm financial information or open an attachment.
“Consumers should follow cyber best practices such as using multi-factor authentication wherever available, shopping only on trusted and secured websites, and cautiously reviewing emails – especially attachments,” Mr. Modi told The Washington Times.
Scammers commonly use “phishing” emails to drain victims’ bank accounts and credit limits, or force them to download from an email attachment malicious software known as “ransomware,” which crashes their devices and requires payment for removal.
Mr. Modi, who cofounded Safe Security in 2012, says the best way to thwart an email scam is to not respond to it and not open any attachments.
That means comparing an email to others from the website in question to see if the addresses match and whether anything looks different from prior messages.
Multi-factor password authentication allows online shoppers to add an extra security question that requires intimate information to verify the identity of anyone using their information. Trusted and secured websites, meanwhile, will always have an “https” in front of the address that confirms another website is not imitating it on one’s browser.
“But following such protocols alone is no longer enough,” Mr. Modi said, noting that many shoppers may be visiting unfamiliar websites this year “as they hunt online for the best holiday shopping deals.”
His tips come as Ikea reels under an ongoing cyberattack that began when “reply all” phishing emails infected employee inboxes through compromised Microsoft Exchange servers.
To thwart more sophisticated scams that get around passwords, Mr. Modi says consumers spending large sums online this year should consider getting a security tool “to non-pervasively scan their devices and report any security loopholes, while also tracking potential exposure on the dark web.”
“This will help consumers understand which applications are the riskiest, recognize personal security exposures, learn how strong their passwords are, and know when their devices are most vulnerable to attacks,” he said.
Mr. Modi warns that “cybercriminals are constantly leveraging new methods to hack people” as the COVID-19 pandemic drives more Americans to do their holiday shopping either online-only or through a combination of digital and in-store purchases.
Adobe predicts U.S. shoppers will spend a record $209 billion online between Nov. 1 and Dec. 31, a 10% increase over 2020 — and cybercriminals have increasingly taken note.
On Thursday, the Portland FBI warned of increased threats from online scammers in Oregon, where 17,000 incidents occurred last year.
“Small-scale cyber schemes can be just as devastating to a family that is frantically searching for the perfect gift, that is probably short on cash,” special agent Kieran Ramsey, who is in charge of the FBI’s Portland Field Office, told ABC News affiliate KATU-2.
“All of a sudden, you get defrauded and bam, there goes your holiday season, which would be so disappointing,” Mr. Ramsey added.
Security Intelligence, a cybersecurity news website, reported on Sept. 13 that “retail cyberattacks soared during the pandemic, increasing by 1280% from the beginning of 2020 to the end of the year.”
But despite the importance of creating secure passwords for online shopping, the cybersecurity blog Beyond Identity reported Oct. 27 that 58% of 1,024 online consumers said they prefer to check out as a guest when online shopping, avoiding the time-consuming security process of creating a password-protected account.
The Times reported last Friday that the latest eCrime Index forecast from the California-based cybersecurity firm CrowdStrike shows that while online scams always peak during the holiday season each year, this year’s threat level has increased with the rise in online commerce.
Gangs of cybercriminals based in countries like China, North Korea, Russia and Iran target retail websites that store shoppers’ financial information with data extortion scams, phishing, ransomware, malware and promotional and fake emails.
CrowdStrike added that merchants and banks processing large amounts of digital transactions will remain at heightened risk during this year’s supply chain crisis until the period between Christmas Day and Orthodox Christmas.
Adam Meyers, CrowdStrike’s senior vice president for intelligence, said in a video briefing that the internet hackers will be “taking time off” and “spending time with their families” during that period.