It’s the holiday season, a time when cybercrime exploits the bad habits of incautious internet users exponentially. The issue is compounded by the fact that during the Christmas holidays, more than other times of the year, a growing number of internet users make and plan their shopping online utilizing mobile and social networks.
More than half of visits to shopping sites — 54 percent — will come from smartphones and tablets, surpassing desktop computers for the first time, according to Adobe Analytics’ annual suite of online holiday retail predictions. Which incentivizes hackers to focus on mobile apps.
Indeed, according to the new Q3 2017 Cybercrime Report from ThreatMetrix, the third quarter saw a record 171 million cyberattacks worldwide. That’s a staggering 32-percent increase from just the beginning of the year. According to Deloitte, 55 percent of consumers plan to shop online, mostly hunting for steep discounts and free shipping.
- Be aware of holiday phishing, especially on mobile devices. During that period, the number of malicious emails that serve malware as an attachment or that contain a links to compromised websites increases. Phishing messages propose special offers, taking advantage of the holiday period that’s characterized by a spike of online shopping. As usual, cyber criminals attack customers of banks and other financial institutions by asking victims to confirm information related to their account for security purposes and to verify purchases.
- SMiShing, a variant of phishing that exploits Short Message Service (SMS) systems instead of email to send malicious messages, is a growing threat as well. What is Smishing? Messages direct victims to visit a website or call a phone number, at which point the person being scammed is enticed to provide sensitive information, such as credit card details or banking credentials. Malicious shipping notifications belong to this category of scam. Cybercriminals use it to send out fake messages to update customers on the status of their shipments. Holiday shoppers are placing numerous orders online and tracking a lot of packages – text messages that offer shipping information can be dangerous.
- Holidays are party time. Private events or company holiday parties are very common during this period. The Wall Street Journal estimates 9 out of 10 companies will throw some kind of holiday party this year, spoofed invitations present another great holiday-themed attack opportunity for cybercriminals to craft phishing emails.
- Almost every Wi-Fi hotspot is insecure. Doing online shopping on them can lead to exposing user accounts to identity thieves and scams. Be aware, antivirus and similar software won’t protect you on an
- Password hacking via a variety of different techniques to try to steal account passwords from users. Social engineering (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes), phishing and brute force attacks are very popular, especially during the holidays. Users often adopt weak passwords, the problem is especially serious on mobile devices (the easier the password for a user to enter on a mobile device).
- Often fake offers for gadgets such as iPhones, iPads and electronics attract victims through fraudulent websites. Scammers exploit holiday shopping frenzies to spread bogus offers on attractive products thought spam campaigns via mail or through social networks. These deals spread malicious links to compromised websites that serve malware, or could contain malicious attachments. Security firm Bitdefender Labs observed an increasing number of fraudulent websites such as fake hotels and fake banks, reproducing legitimate emails to lure visitors during the holidays.
- Holiday themed games can be a trap as well… elf bowling might be malware lurking. This type of scam could hit mobile users as well as desktop systems. Or if a “free” version of a game seems too good to be true; “free” full-version downloads of Grand Theft Auto or the popular apps like Angry Birds, can be trojanized with tools commonly available on the underground market.
- And then there are fake charities. During the holidays, people are willing to donate more than at any other time of year, and it is fairly quick and easy for cyber criminals to spin up a legitimate looking website to tug on heart strings. Setting up bogus charity sites to receive donations and sending out compelling emails is simple. In some cases, cybercriminals replicate legitimate charity sites to steal credentials and other personal information from users.
- Even a holiday card could be harmful. Electronic greeting cards are another way cyber threats become serious during holidays. E-cards that look legitimate could be used by attackers to serve malware or malicious links to compromised websites. Smartphone, tablets and PCs are all equally exposed to that type of attack.