Category: Jeff Lanza’s Blog

Companies face an emerging threat: cyberextortionists. Hackers are increasingly stealing data from companies and holding it ransom.

http://blogs.wsj.com/riskandcompliance/2015/01/12/the-morning-risk-report-the-rise-of-cybercrime-extortion/

According to a June 2014 study by the Center for Strategic and International Studies, the likely annual cost to the global economy from cybercrime could reach $575 billion. It’s a big number. Here are five ways hackers will try to get you to contribute to it while you enthusiastically search for the best deals on Black Friday and Cyber Monday.

Hack #1 — Social Engineering – the process of manipulating people to give up private information.  Some of the most well publicized hacks in recent memory have been socially engineered. What’s more likely… Apple’s iCloud being hacked or someone (such as Kate Upton or Jennifer Lawrence) being tricked or willingly “lending” their password to someone?

If you are checking out on an obscure website this Cyber Monday and the site asks you to “confirm” the last four digits of your social security number, you’re about to be hacked.  No commerce site needs your social security number, not even the last four digits.  The request will look innocuous, you’ll be busy getting a deal on that awesome pair of rare Nike kicks, and you’ll be one step closer to having your credit card spoofed or worse. Countermeasures — Don’t give up more information than is absolutely necessary.

Hack #2 — Phishing – the act of defrauding an online account holder of financial information by posing as a legitimate company. Got an email from Amazan.com? Yeah, that’s not Amazon. Look closely. Thanksgiving is one of the heaviest phishing days of the year, because fewer people paid to protect you from phishing attacks are working. Phishing attacks are actually 336% more common on Thanksgiving, meaning you’re far more likely to receive a suspicious email in your inbox on Cyber Monday.

There’s a reason Gmail sent that email to your Spam folder. Leave it there. If you didn’t ask for it, don’t click on it! There’s no reason to give out your financial info because a scammer decided to send you a halfway decent-looking email.  Countermeasures — Carefully, carefully, carefully check who emails are from. If you’re not sure about a sender, it’s best to avoid that email and deal.

Hack #3 — “Scammer Grammar” and General Scamming Behavior – If a website features many misspellings and grammatical errors, be wary. No company that genuinely wants your business will rush to put up a listing that looks like it was typed by a third grader.

Beware of sites that require payment via wire transfer, or that require you to act immediately to secure the product. Consumer Affairs says, “Beware of ‘act now’ offers that tell you the seller is a soldier needing cash for possessions before deploying to a war zone or a recent divorcee wanting to unload her former husband’s belongings. These tactics are often bait to empty your wallet. Most of the time the items don’t even exist.”

Another big scam is the auction follow-up email hack. If you miss out on an auction or timed deal, ignore follow-up emails with the same offer. Scammers love to track auction sites and contact losing bidders to direct them away from secure buying environments. If you lose an item, move on to another auction. Countermeasures — Don’t shop on sites that look like they were designed by practitioners of phonetic writing or sites that would have looked awesome in 2004.

Hack #4 — Fake Black Friday Ads – Inauthentic Black Friday ads re-direct you to places you shouldn’t be, or may install malware/unwanted software on your computer.

Everyone’s looking for the best deals, so cyber criminals love to release fake Black Friday ads that trick you into visiting sites you otherwise wouldn’t visit. If you want to find great Cyber Monday deals, go directly to reputable websites, whether they’re vendors (Best Buy, Amazon, Walmart) or trusted third-party aggregators (BFAds.net).

To protect yourself against phony ads, don’t change up your browsing habits from the rest of the year. Go directly to websites instead of through Google. Walmart isn’t selling a 60″ HDTV for $97. If, by some miracle, that’s a real sale, you better believe it’s going to be front and center on Walmart.com.Countermeasures — Don’t search for phrases like “best Cyber Monday deals.” Don’t go to websites you’ve never heard of.

Hack #5 — Site Swap – Ambitious scammers build entire fake sites that look shockingly similar to popular retailers.  This is a more complicated hack, and sometimes the most convincing – so pay attention.   You will almost always get to a fake site through a search engine or a mistyped URL.  But sometimes fake sites are used in combination with email hacks.  The most sophisticated versions are single pages that actually link to the real sites so the information request looks more legitimate.

If you’re not sure about a link, there are a few great resources at your disposal. Sites like getlinkinfo.org or wheredoesthislinkgo.com will show you exactly where a suspicious link goes. Still not sure? It’s probably fake. Move on. The chance of landing a great deal is not worth credit card fraud or a credit score hit. Countermeasures — Go directly to retailers’ sites, rather than through search engines. Don’t click on links from any email you can’t verify.

Sufficiently armed with countermeasures?  I hope so.  This should be a wonderful holiday season for consumers and retailers alike.  There are great deals to be had on Ultra HD sets (they’ve come down 84% from last year).  I’ve seen amazing deals on phones and tablets, to say nothing of stunning array of wearables on sales this year.  Happy Thanksgiving from all of us at shellypalmer.com – practice safe computing and enjoy the holiday.