As consumers gear up for Cyber Monday, the largest online shopping day of the year, cybercriminals are also preparing to take advantage of deal-seekers. IBM X-Force researchers are monitoring malicious activity closely to help organizations and consumers stay safe during the holiday shopping season.
Researchers have already seen cybercriminals actively masking malicious malware in emails to consumers disguised as major retailers sending out Black Friday and Cyber Monday deals and package shipment tracking details. When a user clicks on the package tracking URL, instead of going to the retailer, they download a malicious malware such as Locky Ransomware, which can lock a user out of their computer and encrypt all of their files, requiring them to pay a ransom to regain access. At one point, this phishing campaign comprised more than 45 percent of all spam activity monitored by IBM X-Force.
IBM Security has created some tips for consumers to follow to stay secure while shopping online:
Beware of Unexpected Package Tracking Emails: Be cautious of unsolicited emails. IBM X-Force has identified massive campaigns distributing Locky Ransomware. At one point, the campaign was 45% of all spam activity analyzed by the team.
Caution with Coupon Codes: If the discount looks too good to be true, it likely is. Promo codes from untrusted sources require caution. Don’t click links to copy the code, instead copy it and use it directly on the retailer’s website (even if it’s a retail brand you trust). If you MUST click a link in your email, before doing so, hover over the URL and make sure it’s taking you to the website.
Opt for Credit Over Debit Cards: Use credit cards instead of debit card, when possible. Credit cards offer consumers more protections if the card is compromised, and won’t impact your checking account during the holiday season if there’s an issue.
Use Unique Passwords for EACH Online Store: Never reuse the same password on different websites, especially retailers. Instead, create a unique passphrase for each website you shop on, for example, something like “longpassword123”. Same goes for loyalty cards, create a unique password for these accounts too.
Shopping From The Office? Don’t use your corporate email address when making online purchases, and never ever use the same password you do for your corporate login. It will put your employer at risk.
Only Use Trusted Apps: Only download shopping apps directly from the trusted app stores such as iTunes and Google Play. Be especially careful of discount deal apps, especially ones you’ve never heard of. Before downloading the app, check the number of reviews and ratings. If it doesn’t have any reviews or ratings, or a very low number, don’t download it. It might be fraudulent.
Use A Special Shopping Email Address: Have a separate email address for shopping or deal websites. It’ll help you identify sneaky spam that might bypass spam filters and protect your trusted account.
Don’t Save Your Info: Never save your credit card information in retail sites and web browsers. It might make purchases faster, but it could put your card number at risk if the retailer is compromised.
Consider One-Time Use Credit Cards: When buying from a non-trusted or entirely new retailer, you can avoid putting your personal credit card data at risk by acquiring one-time use credit cards from your bank or pre-paid credit cards. You could also purchase gift cards directly from the retailer you’re planning on shopping with.
Get Creative With Password Reset Questions: When filling out account information, opt for the password reset question that isn’t public. For example, don’t use the street you grew up on, as it could be found online. Instead pick something that can be an opinion question (favorite movie, food, etc). OR alternatively, you can even make up your answers, so only you know.
“Consumers needs to be diligent during the holiday shopping season,” said Caleb Barlow, Vice President, IBM Security. “Cybercriminals are trying to entice consumers to click suspicious links by offering deals and tapping into their curiosity. It’s all about following some security basics to keep shoppers safe this shopping season.”