Shopping for that perfect Christmas present is exciting, though consumers often let personal security fall by the wayside as they bargain hunt for the best deals available. But as the shopping season gets underway, the risk of cyber attacks and cyber scams increases.
Online holiday spending will be higher this year than last. But as consumers get ready to surf and shop the Internet, SpiderLabs, the security team within Trustwave, is warning shoppers about a new potential cyber scam aimed at stealing credit card data and other personally identifiable information.
This year consumers should be particularly wary of social networking-based scams, such as coupon codes, that provide links for heavy discounts at popular stores or for popular toys.
With many more consumers using social media such as Twitter and Facebook, this type of scam can quickly spread via innocent Tweets and Facebook posts by bargain hunters who believe they're providing friends with legitimate money-saving opportunities. Clicking on the link could send the shopper to a site that contains drive-by malware or botnet installation before redirecting them to the real online store, which could lead to all sensitive data and user activity on the consumer's personal computer being harvested.
"This could easily pop up and become viral on social networks and increase the number of people affected," said Nicholas J. Percoco, senior vice president and head of Trustwave's SpiderLabs. "This type of activity could happen at any time, but around the holidays people are looking for the best deals and could become easy prey."
Below are several best practices to follow when shopping online to help avoid this and other types of scams:
Links provided in e-mail, IM, social media and other communication mediums should not be trusted. If contacted via any of these online mediums with live links, do not provide any information. Instead, visit the retailer's Web site directly, on your own, to find out if they in fact have the special or deal being advertised.
During the checkout process, a consumer should never be asked for information other than billing, shipping and credit card information. If asked for a government identification number, driver's license number, mother's maiden name, debit card PINs, etc., it is either a scam or the transaction is being tampered with by possible data-harvesting malware on the consumer's computer.
Do not inherently trust online communication more than a random phone call or random stranger on the street.
If someone calls and asks for personal information or credit card information, just say no. Once personal information is provided, it cannot be retracted.
If any personal information or password has been provided, notify all potentially affected accounts immediately. In the case of online bank accounts and other similar online systems, change passwords and contact the administrator of the system immediately.
After investigating more than 1000 cases of stolen credit card information from businesses including e-commerce sites, Trustwave has developed a list of general best practices for online shoppers to ensure their information is secure. The following list represents trust indicators that consumers should try to identify on Web sites before beginning their shopping experience and before they enter any personally identifiable information on the site. Identifying the presence of these trust indicators will help shoppers protect their identity and ensure their credit card information is secure throughout the transaction process.
SSL Certificates: Encrypt personal information sent from a web browser to the site's server. The presence of an SSL certificate can be identified by a lock in the web address bar and an "s" after the "http" in the web address bar. An EV SSL certificate, an enhanced SSL certificate that includes a rigorous process to validate the organisation's identity, can be identified by the web browser address bar turning green.
Review return policy: A page on the web site should provide information on actions to take should a good arrive damaged, defective or not usable.
Reputation: Consumers should research the e-commerce site to ensure they are shopping with a reputable company with which other shoppers have had good experiences.
Company Information: Confirm the e-commerce site has a physical location and valid phone number should there be a need to make actual contact.
Web site trust indicator: Site seals, when clicked, provide current information about an underlying certification and reassure shoppers that the e-commerce site abides by certain requirements or standards, similar to Trustwave's Trusted Commerce seal. If the site seal is not clickable or does not render, Trustwave recommends that consumers avoid shopping at these sites.
Should a consumer experience a fraudulent charge on their credit card, they should call their card issuer immediately and tell them about the charge. More often than not, consumers are not held liable for those charges.
"Cyber scams and attacks are not limited to the festive shopping season; cyber thieves can strike at any time," said Robert J. McCullen, chairman and CEO of Trustwave. "Consumers should follow these best practices throughout the year to help ensure their personal information and card data remain secure."