Given the drastic uptrend in online shopping over the past few days, cybercriminals have upped their output, concealing malware in emails sent to online customers while masquerading as major online retailers. These emails came in the form of Black Friday and Cyber Monday deals and shipment tracking codes, per IBM X-Force researchers.
When users click on the package tracking link, they are not taken to the retailer's or the shipping company's website; instead, they initiate a download of malware that can lock their computer and encrypt all their files. The only way to gain access is to pay a ransom.
Note carefully the “FROM” domains used by spammers in the following two images, released by IBM, of emails disguised as coming from Amazon. See more findings as reported by IBM X-Force by going here.
“Consumers need to be diligent during the holiday shopping season,” said Caleb Barlow, Vice President, IBM Security. “Cybercriminals are trying to entice consumers to click suspicious links by offering deals and tapping into their curiosity. It’s all about following some security basics to keep shoppers safe this shopping season.”
Barlow went on to outline some security tips for consumers to follow in order to have a safe online shopping experience:
• Beware of Unexpected Package Tracking Emails: Be cautious of unsolicited emails.
• Caution with Coupon Codes: If the discount looks too good to be true, it likely is. Promo codes from untrusted sources require caution. Don’t click links to copy the code; instead, copy it and use it directly on the retailer’s website (even if it’s a retail brand you trust). If you MUST click a link in your email, before doing so, hover over the URL and make sure it’s taking you to the website.
• Opt for Credit Over Debit Cards: Use credit cards instead of debit cards, when possible. Credit cards offer consumers more protections if the card is compromised.
• Use Unique Passwords for EACH Online Store: Never reuse the same password on different websites, especially retailers. Instead, create a unique passphrase for each website you shop on.
• Shopping From The Office? Don’t use your corporate email address when making online purchases, and never ever use the same password you do for your corporate login. It will put your employer at risk.
• Only Use Trusted Apps: Only download shopping apps directly from the trusted app stores such as iTunes and Google Play. Be especially careful of discount deal apps, especially ones you’ve never heard of. Before downloading the app, check the number of reviews and ratings. If it doesn’t have any reviews or ratings, or a very low number, don’t download it. It might be fraudulent.
• Use A Special Shopping Email Address: Have a separate email address for shopping or deal websites. It’ll help you identify sneaky spam that might bypass spam filters and protect your trusted account.
• Don’t Save Your Info: Never save your credit card information in retail sites and web browsers. It might make purchases faster, but it could put your card number at risk if the retailer is compromised.
• Consider One-Time Use Credit Cards: When buying from a non-trusted or entirely new retailer, you can avoid putting your personal credit card data at risk by acquiring one-time use credit cards from your bank or pre-paid credit cards. You could also purchase gift cards directly from the retailer you’re planning on shopping with.
• Get Creative With Password Reset Questions: When filling out account information, opt for the password reset question that isn’t public. For example, don’t use the street you grew up on, as it could be found online. Instead, pick something that can be an opinion question (favorite movie, food, etc.). Alternatively, you can even make up your answers, so only you know.