With Black Friday and Cyber Monday, arguably the biggest shopping days of the year, almost upon us, users are getting swarmed with ads, emails, and great deals that can be hard to resist. Sadly, cybercriminals use this to their advantage, making it incredibly hard for you to know what’s legit and what’s a scam.
Taking a moment to review some of the most common scams that crooks will attempt this time of year can be incredibly helpful in keeping them from ruining your holiday festivities. A simple mindless click, and you could find your system infected, your files held for ransom, or your personal information stolen.
It’s All About Email
Email-based attacks are still an attacker’s “bread and butter” when it comes to cybercrime. Criminals use all sorts of dirty tricks to try to get you to open their messages or click their links.
We often see an uptick in fraudulent messages this time of year carrying malicious attachments disguised as fake invoices, fake shipping notifications from major couriers like UPS and FedEx, fake receipts, or fake bank alerts. In every case, the criminals’ goal is to make you open their malicious attachment, which, when executed, will install malware like ransomware on your computer. Other variants will try to get you to visit a site under their control where you’ll be asked to ‘verify’ your credentials. When you give them your username, password, and other sensitive information like credit card details, you can find yourself locked out of your legitimate accounts, your credit cards used to make large purchases, or your bank accounts drained. It can be incredibly difficult to clean up the mess left by a successful attack.
Social Media Scams
It’s not just email, though: popular social media platforms are often used to lure unsuspecting victims. Free gift cards from major retailers, surveys leading to massive coupons or discounts, free products: in virtually every single case they’re too good to be true. And when something is too good to be true…
Often I’ll hear refrains from friends and family: “Well, you never know!”… and that’s a hard concept to break. But the consequences of sharing these scams can be significant: you often will be asked to install malicious add-ins, spyware, or other nefarious plugins designed to infect you with malware or steal your personal information. Ask yourself before you click Share and follow the instructions: do you really believe Walmart is going to give every person who simply clicks Share a $100 gift card? They’d go bankrupt!
Using Public Wi-Fi
Free Wi-Fi is all but ubiquitous today, especially at shopping malls and major retailers; many retailers use it as a value-add to attract shoppers to their store, and it’s a great way for price-sensitive consumers to keep their monthly cell bills down. But it’s important to understand that there are unavoidable risks involved with using public wireless networks. Setting up a fake access point can be as simple as hiding a Wi-Fi Pineapple with a USB external battery pack in a closet, a cabinet, or even above a ceiling tile. Your phone will connect to the fake AP, and all your traffic can be monitored.
If you absolutely must use public Wi-Fi, consider using a VPN service, which will open an encrypted tunnel through the public wireless network and into a more secure network, which will then relay the traffic you request.
Shopping at the Office
We all do it. In a world where we’re all connected 24/7/365, it’s clear that users will use Internet resources at the office for personal use. While most organizations today understand this happens, it’s incredibly important for users to exercise extra caution when shopping online at work.
Don’t use a computer that also contains sensitive data which could be stolen or lost if you fall victim to malware. Breaches and theft of corporate data are what keep your CISO/CIO up at night. You don’t want to be the person responsible for a breach.
Think twice about every click and every email you open. If you’re not sure, or if something seems wrong, don’t hide it: let someone on your security/IT team know about it ASAP. The sooner they can respond, the smaller the impact to your company and its data.
Don’t let all the doom and gloom keep you from having fun this holiday, though! There are some amazing deals to be had out there, and by taking a few extra moments to think about your safety, you can make sure the worst doesn’t happen to you.