Cyber Threat Increase During Holidays

Tis the Season for Heightened Cyber Criminal Activity: Tips on How You Can Protect Your Data

Cyber Threat Increase During Holidays

 

The holidays are key times for cyber-criminals to exploit the risky behaviors of unaware Internet users. According to an annual survey conducted by Deloitte Consulting, more people than ever before are planning to buy their Christmas presents from an online source this year.  As such a growing number of services for online shopping are offered on these platforms and IBM anticipates a significant increase of cyber-crime related to computer scams and identity theft.  Doing your shopping online with just a click of your mouse is often the simplest way to shop for many people, but it can also be dangerous.

 

 

 

Secure Private NetworkCyber security experts warn that credit card transactions done on a public WiFi are not being done on trusted networks. It is possible that cyber-criminals are sitting on that public WiFi network scouring the traffic to steal your private information. This means that shoppers could be at risk for identity theft or fraud.

 

 

 

 

During the holidays some environmental factors that could expose Internet users to cyber-crime include:

 

 Phishing

 

Holiday phishing, especially on mobile devices. The number of malicious emails with malware attached or containing links to compromised websites increases during holiday times. Mobile platforms and social media provide privileged channels to spread phishing messages.

 

 

WIFI Vulnerability on Public NetworksPhishing messages may propose special offers, attempting to take advantage of the increasing numbers of online holiday shoppers. One tactic that cyber-criminals use is tricking victims to confirm information related to their bank account or other personal credentials for security purposes in order to steal private data.

 

 

 

 

 

20800137Smishing is a variant of phishing exploits Short Message Service (SMS) systems instead of emails to send malicious messages. This method of attack is also a growing threat; Smishing messages typically direct victims to visit a specific website or call a phone number. When the victim reaches the targeted destination chosen by the cyber-criminal, there will usually be an attempt to entice or coerce computer users into providing sensitive information, in most cases regarding your bank account or credit card details.

 

 

Malicious shipping notifications are also being used by cyber-criminals to send fake messages updating customers on the status of their shipments. These messages usually include malicious links or carry malware.

 

 

It is important for Internet users to consider the risks related to online shopping and avoid behaviors that could expose them to fraud.

 

Fake Notifications

 

 

Fake Android Update VirusDuring the holiday season private events or company parties are very common, inviting personnel and participants via email, and requesting them to complete forms to confirm their participation. Cyber-criminals realize this and take advantage of the increased web traffic with spoofed invitations.

 

 

 

 

 

Public WiFi Networks

 

 

Watch Out For Unsecure Public NetworksWiFi hotspots are dangerous hunting grounds for unassuming Internet users. Many users do not realize the risks they are exposed to once they connected to these kinds of insecure networks. Additionally no defensive measures are taken and often times risky navigation methods are used (e.g. sharing passwords, not logging off after having used a public WiFi connection.

 

 

 

 

Password Hackers on Public NetworksAlmost every WiFi hotspot is considered insecure. Shopping online on these kinds of networks can lead to exposing user accounts to identity thieves and scams. Be aware, antivirus software will not protect you on open networks.

 

 

 

 

 

 

 

WiFi Usage Methods

 

 

Android Password HackerPassword hacking is a very common practice for cyber-criminals. They use different techniques to try to steal account passwords from users. Social engineering, phishing and brute force attacks are very popular during the holidays. Cyber-criminals target users who adopt weak passwords and do not protect services and devices with secret codes. This problem is especially prevalent on mobile devices. Users do not use a PIN to protect them, and in the majority of cases they use simple passwords due the difficulty of memorizing them.

 

 

Christmas Fake Offer

 

Adware Malware
Malicious software specifically designed for holiday shopping may include features to steal the victim’s data. Hackers may even be able to take control of a user’s handset on a mobile device, causing incoming calls and messages to redirect, or forcing calls to premium numbers.  Malware ridden websites may trick users with offers for full-version downloads of popular or holiday-themed games. These applications actually infect your computer with malware when you download or install them.

 

 

 

 

Android Malware Protection copyCyber-criminals also assume the identities of fake charities during the holidays, as more people are willing to donate at this time of year. The scammers in many cases set up bogus charity sites to receive donations. In some cases, cyber-criminals may event replicate legitimate charity sites to steal credentials and other personal information from users.

 

 

Electronic greeting cards and romance scams are other cyber threats that users should watch out for during holidays. Attackers deliver malware or malicious links to compromised websites use e-cards that look legitimate. In the case of romance scams, hackers can use fake photos, emails and text messages to pretend to be a member of a dating website. Dangerous Internet habits, absence of any defense mechanisms, and a lack of awareness of major cyber threats, expose users to the risks of fraud.


Here are a few suggestions that may help to increase the level of security during your holiday shopping.

 

 

Password Lock Your AndroidManage passwords with caution. Never share them, and use strong secret codes, including a mixture of numbers and special characters. It is good practice to use different passwords for multiple web services. This prevents cyber-criminals from gaining access to all your other online accounts if they hack into one.

 

 

 

Tips To Stay Secure On Your Computer Or Mobile Device

 

  • Verify the online reputation of the e-commerce sites you access.
  • Conduct online shopping on secured networks.
  • Do not click on suspicious links. Never open unknown files or download items from unknown sources. This is especially important for unsolicited mails that propose special deals.
  • Be careful to look at the URL of sites you visit and make sure they are legitimate to avoid visiting a fake copy of the websites managed by hackers. Look for variations in spelling or a different domain (for example, the malicious site may use .net instead of .com). Also check the protocol used by your retailers, make sure the URL starts with, https:// before providing any personal or credit card information.
  • Periodically visit your banking accounts and verify the list of transactions, also check that the account balance is accurate.

SSL Secure WiFi Network

  • Protect Bank PasswordsBe careful to look at the URL of sites you visit and make sure they are legitimate to avoid visiting a fake copy of the websites managed by hackers. Look for variations in spelling or a different domain (for example, the malicious site may use .net instead of .com). Also check the protocol used by your retailers, make sure the URL starts with, https:// before providing any personal or credit card information.

 

 

 

 

  • Do not download apps for your mobile device from unknown sources. Always use official app stores for software downloads, like the Apple App Store, Google Play and the Amazon App Store. Also watch for “permissions” granted to any application you run on your device. Make sure that any application you run only has the minimum necessary permissions. Always check the reputation of the app before installing it.
  • If possible, make purchases using a credit card instead of a debit card. Credit cards allow you to dispute any fraudulent charges.
  • Make sure to use secure devices when you do your online shopping. Check that the software you using (e.g. browsers, mobile apps) and the OS are running the current updates. Install anti-malware solutions on PCs and mobile devices and keep them up to date as well.

 

 

Malware Disguised As Java

 

Conclusions:

 

Recently, ENISA published its annual report confirming that web based attacks the most predominant in comparison to other cyber threats. Cyber-criminals use malicious URLs as the primary source to serve malware; at the same time, Java is currently the most exploited application.

” It has been observed that there is a shift from Botnets to URLs as means of malware distribution. Java remains the most exploited software, to infect a web site. In addition, attackers use code injection attacks to create malicious URLs.”

 

 

Safe Online Behavior To Avoid Malware

 

To reduce exposure to the current threats, follow the above suggestions and report fraud immediately to law enforcement. Fighting cyber-crime can be challenging, and sharing knowledge about cyber threats and incidents is imperative in order to recognize new and existing malware menaces.

 

 

References:

Paganini, Pierluigi. “Cyber Security During The Holidays – InfoSec Institute.” InfoSec Institute. InfoSec Institute, 08 Jan. 2014. Web. 20 Dec. 2014. <http://resources.infosecinstitute.com/cyber-security-holidays/>.

 

Stockwell, Alex. “Cyber Security Risks During Online Holiday Shopping.”Time Warner Cable News. Time Warner Cable News, 19 Dec. 2014. Web. 20 Dec. 2014. <http://waco.twcnews.com/content/news/321842/cyber-security-risks-during-online-holiday-shopping/#sthash.6krP1fkz.dpuf>.