News & Views
Avoid gifting data
Sales such as Black Friday and Cyber Monday provide cybercriminals with increased opportunities to execute cyber attacks on unwitting shoppers and retailers. But, put commercialized sales dates aside, and retailers remain an easy target for cybercriminals looking to steal credentials to make a profit, warns Jose Miguel Esparza, Head of Threat Intelligence, Blueliv (https://www.blueliv.com/).
From ransom, through to selling sensitive information on the dark web, there is nothing an attacker will not do to ensure they get a return on investment. Retailers and customers should be vigilant about fraudulent domains and spoofed websites.
“Web skimming is also now highly prevalent as a means of stealing credit card information and credentials, so shoppers, and retailers alike, should also be wary of payment pages on websites that may have been compromised in order to steal payment information,” says Esparza.
Consumers can be easily caught out through phishing scams directing them to alternate sites and should think before they click, going directly to the retailer’s site rather than via third parties. Consumers should be aware of falling foul of the varying social engineering techniques such as this, pretexting and baiting whereby Baiters may offer users free music or movie downloads, if they surrender their login credentials to a certain site.
“Retailers of all sizes should keep security front of mind at all times, but particularly as they prepare for increased demand on their website, mobile apps and POS devices,” says Esparza. “Cybercriminals will use all manner of tactics including malware infections, phishing, DNS hijacking, leaked databases, web skimming and social engineering, so consumers and retailers alike should heed much the same advice to avoid information falling into the wrong hands.”