We’re in the midst of the holiday season and its accompanying shopping frenzy. In our modern age of technology, more and more consumers are avoiding the crowds and long lines and turning to the internet to purchase their gifts. In fact, Adobe’s new, “2016 Holiday Shopping Report,” predicted more than 57 consecutive shopping days this season that will bring in $1 billion of online revenue each. Online sales are expected to grow by 11% in 2016, reaching over $91 billion total.
That means as hundreds of millions of consumers choose the convenience of online shopping and scour the internet for the must-have gifts of the season, hackers are also “shopping” for opportunities to launch attacks and collect data they can monetize.
As we have been preaching all year, cyber-attacks are increasingly sophisticated and complex. And hackers love taking the path of least resistance to get the job done. Adobe’s research indicates that 74 percent of all online holiday sales come from just 1% of products. Cybercriminals try to focus their malware, social media ads, or even email spam campaigns on products that are most likely to attract shoppers’ interest. And with only 1% of products generating a vast majority of revenue, it makes a hacker’s job to narrow the field pretty easy. Here are some of the most common tactics being used online today:
- Malware that is introduced to a device during the course of normal Internet browsing, either by the user clicking on an advertisement that directs them to a website that distributes malware, or by a drive-by download without stopping to click or accept any software. Never having clicked on an ad, shoppers have no idea where or how they were infected.
- Display ads on social media apps that can execute a drive-by attack when shoppers click on these ads that appear to be legitimate, but then actually direct them to malicious websites.
- Email spam using social engineering tactics to deliver emails that may include a trusted name and a logo and a call to action that is familiar to recipients, such as a notice about a recent order, or a delivery tracking number. These familiar looking emails provide a false sense of security and entice recipients to click on malicious links contained in the email.
How do you protect yourself? By being extra cautious while doing any online shopping. You can dramatically reduce the risk of being victimized by following a few basic internet security best practices:
- Make sure to update your operating systems and software (on both mobile and non-mobile devices) and ensure they have the latest security updates.
- Install an ad-blocking software or plug-in to protect against the threat of malware.
- Think before you click on any ad.
- Try to purchase all goods by navigating directly to the merchant’s website instead of being redirected from a social media ad or an email offer.
- If you are using a mobile device, make sure your apps are downloaded from a trusted source, such as the Android Market, Apple App Store or Amazon App Store.
- A secure network connection is ideal. Public Wi-Fi can be hacked by someone with the right tools, compromising your passwords, billing information and other sensitive data.
Let’s take the joy out of the holidays for hackers. With increased awareness and a deeper understanding of how attackers go about their ‘shopping’ we can take some relatively simple baseline measures that can go a long way toward protecting against cybercrime this time of year.