SKOUT Threat Advisory 0078-21: Cyber Threats Targeting Consumers During Holiday Season
|Our partners at Barracuda/SKOUT Cybersecurity have alerted us to this current threat.|
The holiday season is once again upon us, and with it comes the busiest time of the year for shopping and traveling. Specifically, Specifically, the period after Black Friday is a time of year where attackers will be busy attempting to take advantage of the endless amounts of online sales, purchases, and donation opportunities that shoppers will make. Barracuda wants to ensure that everyone stays safe and takes on their holiday shopping and donating with a cautious eye.
Technical detail and additional information
WHAT IS THE THREAT?
Regardless of the time of year, bad actors are always looking to steal information that can be of value to them. During the holiday season, they are presented with their largest opportunity to do so. There are a few threats to keep an eye out for during the holiday season:
Fake Websites: Everyone is looking for the best deals during the holiday season. Bad actors will exploit this in an attempt to lure shoppers into giving information to fake websites.
Credit Card Skimming: One guarantee during the holiday season is that purchases on legitimate websites will be at their highest point of the year. Shoppers should be careful about what methods of payment they are using to make their holiday purchases.
Fake Gift Exchanges: This is a new one that has come up in recent years, with one already surfacing this year. Stay away from the “Secret Sister” gift exchange, which is a scam that has already appeared on Facebook.
Fake Charities: Bad actors will look to exploit the generosity of people during the holiday season. Donors should be sure to do their research on a charity before giving anything away to it.
Data Exposure via Public Wi-Fi: During the holiday season, whether they are out shopping, traveling, or going out with friends and family, people will be on the move and many will rely on public Wi-Fi. Attackers are aware of this and could exploit the increased usage to steal information.
WHY IS IT NOTEWORTHY?
Phishing campaigns and fake websites grow more sophisticated every year, and threat actors have managed to create more convincing and realistic sites in recent months. It is becoming increasingly more difficult to tell what is real, and what is a scam. Millions of dollars in purchases will be made this holiday season, and everyone will be looking to find the best deal possible on whatever it is they are purchasing. This can often lead to someone landing on an illegitimate website, just because they are offering the lowest price. Even if it is a real website, it is important to ensure it is encrypted, as this could lead to information being leaked later on.
WHAT IS THE EXPOSURE OR RISK?
It is very important for anyone shopping online to know the risks involved when giving, for example, their debit card information to a website that they have never heard of. Giving out information to a fake website, or even a real website that is not set up with security in mind, can lead to financial loss or identity theft. Credit card information and personal data can be leaked even after the holiday season ends, leading to further, unforeseen damage. The risk does not necessarily end with online shopping, as there have been instances where attackers have successfully gotten information from point-of-sale machines. Additionally, leaving your Bluetooth or Wi-Fi settings on all the time can be enough for someone to steal your information without you actively doing anything. Extra preventative measures should be taken during this time of the year.
WHAT ARE THE RECOMMENDATIONS?
Barracuda highly recommends proceeding with caution, regardless of your holiday season plans and online activity. Find our list of recommendations below, to help assure you all stay safe and protect yourselves this holiday season
Be cautious, and pay attention to detail when shopping online. Look at the names of any websites, or e-mail addresses you receive deals from. Check for any:
- Bad Grammar
- Weird looking or incorrect company logos
- Deals that are too good to be true (No one is selling you an iPhone for $20).
- Stick to websites that you trust and use regularly.
- Avoid clicking on links that are sent to you. Typically, if a company is having a sale, you can probably find it just by looking it up on their website.
Be overly protective of your payment information.
- Enable purchase alerts for your credit cards. This is a great way to confirm that all purchases made using your information, are actually being made by you.
- Don’t save your payment information on retail websites. This time of year, attackers could be looking into accessing retail site accounts, and your information could be exposed if they succeed.
- Use third party payment methods: This includes services like Apple Pay, Google Wallet, PayPal, etc. Some credit card companies even offer the ability to create a temporary credit card number, meant to help customers shop safely online.
- Do not make purchases while on public Wi-Fi: The less data you transmit on public WiFi, the better. Make purchases on your home Wi-Fi network or using cellular data.
Do your research on any charity you are giving money away to.
- There are services such as Charity Watch which can provide you with information about charities to make sure they are legitimate.
- Be stingy with what information you actually give away. There is no reason for a charity to ask for your Social Security or bank account numbers.
Stay safe and have a happy holiday season!