When Cybercriminals Hitch On Your Holiday Spending: Online Shopping Trends and Threats
The last quarter of the year means that the shopping season is underway around the world, and consumers are increasingly resorting to online shopping for its convenience. In 2017, online shopping sales in the United States alone reached $2.3 trillion, and the global growth of online retail sales is projected to hit US$4.48 trillion by 2021. November is expected to see the bulk of 2018 online traffic and spending at an estimated $9.15 billion, thanks to Black Friday and Cyber Monday sales around which online spending peaks. Unfortunately, cybercriminals are expected to take advantage of the shopping season as well.
[Related: 12 Threats of Christmas]
There are numerous ways cybercriminals can take advantage of this buying rush, from spam email to electronic devices gifted to loved ones, one wrong move may lead to your information falling into the wrong hands. Here are just some of the most common threats and the best practices for defending against them.
Connected devices as gifts
Smart devices as gift options are no longer limited to children and teenagers’ entertainment as internet of things (IoT) devices also serve as very useful gifts for adults. From mobile phones to smart appliances, some manufacturers have yet to prioritize security features, which can expose users to various online threats.
Before giving them as gifts, it may be best to ask questions and follow certain guidelines:
- When planning to give smart devices to children and teenagers, check the information that it requests from users, how it affects its functions, and how the information is stored and protected.
- Give and teach. Aside from giving these devices to younger users, remind recipients to use them responsibly, and to use them safely when connected to the internet.
- When registering accounts for smart devices, make sure to use strong credentials different from the rest of your online accounts. Update the firmware and with the latest patches from legitimate vendors, and connect to secure networks.
Consumers will likely receive purchase confirmation emails and cautionary alerts from companies this season. Cybercriminals can also craft legitimate-looking email messages that could redirect you to spoofed sites, or use bargains or urgent messages to phish for information.
A few reminders before opening those emails, clicking on those links, or sending any information:
- Do not immediately click on links embedded in emails. Bookmark your frequently visited websites or directly type the known URLs or email addresses of the companies’ representatives. Use a legitimate scam checker to scan questionable email.
- Call the company or organization via known contact numbers and confirm if they have email requests, verifications, or if they have existing promos as advertised in the email. Beware of calls claiming to be from companies asking for your credentials. Legitimate organizations such as banks will never ask for your password over the phone or via email.
- Limit the amount of personal information you share online.
Mobile devices for shopping online
Mobile and smart devices are becoming popular means for customers to get their shopping done this hectic season; from researching and looking at catalogs, to finding reviews and purchasing their goods online. Smartphones, tablets — and devices featuring voice-enabled assistants — prompted conversion and increased spending due to the automation conveniences it affords users. Over time, data collected, such as personally identifiable information (PII), are stored for faster transactions and easier advertising deployment. Meanwhile, cybercriminals are finding ways to exploit these new innovations to sift through information they can use.
While these mobile devices enable people to finish tasks faster than before, users should be aware of the increasingly complex ways cybercriminal attacks work:
- Review publicly posted PII. This information can be used as credentials to access your IoT and voice-enabled assistants without you knowing it, or craft socially engineered emails this season.
- Be mindful as you browse and buy online. Ignore ads, emails, promos and links with questionable offers from unknown sources. Rely on your bookmarked and frequently visited sites, as even search engine results can lead you to malicious spoofed shopping sites.
- Download online shopping apps from legitimate vendors to ensure secure transactions.
- Enable all security features on all your IoT and mobile devices before use.
[Related: Best Practices: Securing your mobile device]
Social media trends and scams
Businesses use social media marketing strategies to boost sales, and new entrepreneurs experiment and open mom-and-pop shops with social media as their starting point. Once found online, more customers are likely to search for these local businesses to try their products or services, especially when friends give good reviews or recommend them. Unfortunately, cybercriminals are also quick to recognize social media’s potential for malicious activities, from spoofing legitimate businesses to fake companies.
Here are a few ways you can protect yourself as you scroll through posts and timelines:
- Manage the information you share. Be aware of the permissions and information collected by your installed social media apps and visited websites such as your location, email address and contact information.
- Look for the verifier symbols (such as the blue check marks) beside the names of brands and retailers before interacting, shopping, or giving information. Most social media platforms now have these to reduce the number of fake pages to help protect consumers from online criminals.
- Be wary of clickbait and alarming headlines, shopping promos, and bargain offers.
Online shopping safety
While stores are ultimately responsible for protecting their customers’ data, consumers should also protect themselves by taking some extra preventive measures this season. From your calls to your purchases, a few reminders and additional steps can ensure that you're making the most of your online shopping experience. Here are some general online shopping best practices:
- Review and learn what you share online. Everyone in the family — from the adults to the children — can learn and practice safer online habits. From avoiding oversharing of information to cautioning the children who they make friends with on social media, maintaining online privacy goes a long way in reducing risks.
- Use improved and compliant payment systems that entail more security measures in place. These new technologies have additional layers of protection for both companies and consumers, and banks have developed reinforced policies that protect their customers from cybersecurity fraud and threats.
- Install a security solution. Whether it be for your computer or mobile, security software can wade through and block malicious ads, emails and websites, reducing your risk of malware infection.
- Use browsers with updated security features, and regularly install official patches from legitimate vendors.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report