Holiday Season: Cybercriminals are Phishing All The Way Part 2
Last month, November 26, 2018, we published here in Hackercombat the story about cybercriminals phishing all the way, while their potential victims are making a lot of shopping online in preparation of the coming Holiday Season. Our story today is a follow-up of our previous one, this time with Tony Anscombe, Global Security Evangelist & Industry Ambassador of ESET, an antimalware vendor issued a warning to December Holiday Season shoppers.
Volumes of sales invoice are expected to be produced for the Holiday Shopping rush. Some people even use their debit/credit cards more than the last month of the year compared to the 11 previous months combined. Unfortunately, not everyone are on these festive holidays with good goals in mind, as the relaxed atmosphere makes some people lower their defenses and their alertness. Even a seemingly innocent digital greeting card we may receive from our friends and love ones can even a channel for malware to infect our computer. This is especially true for home computers that have no professional system administrator who maintains them.
“According to data from Criteo’s Global Commerce Review, transactions from Mobile Web and in-App purchases now account for 61%, leaving just 39% of online shoppers using desktop devices. Cybercriminals also seek to take advantage on this shift to online shopping and grab the opportunity to make more money with fraudulent phishing emails, scams and fake websites. With the ever-increasing number of data breaches exposing your personal information and payment card data, it’s never been more important to stay vigilant,” explained Anscombe
Extracting information from unsuspecting users is not a rocket science, contrary to popular belief. Phishers just need to be persistent and persuasive, using even the brand logos of corporations they wish to ‘disguise’, in order for the user to believe their claims. It is crucial for phishers to attract the attention of the unsuspecting user, as they cannot steal information on their own as they don’t have access to the system, users have. Stealing user credential is the key for them to become successful in the art of phishing, which can literally translated to ‘fishing for information’, using make content that looks like the original.
“The holiday sales are here and shoppers will be out hunting for bargains, both online and offline. Retailers will create tempting email campaigns – some are already starting to hit my inbox – and cybercriminals will see the heightened online shopping activity as an opportunity to create more scams,” concluded Anscombe.
In full agreement with ESET’s findings is Ryan Wilk, the VP of NuData Security, the cybersecurity arm of Mastercard. “To stay safe online, it is advisable to stick to known brands and retailers – making sure to be on the right website by checking the URL, looking for the security padlock and by checking to ensure that they are not forwarded to an anomalous URL for the payment. At the same time, it is good practice not just during Christmas, but throughout the year to encourage consumers to check accounts and credit card statements regularly, including rewards points which are often a target for cybercriminals who can sneak away with them without being noticed for quite some time. Shoppers should keep an eye out for any anomaly on a retailer’s logo, a typo or other subtle change,” added Wilk.