With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cyber criminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.
For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.
According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk of 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.
Let’s take a look at the biggest threats that you should be aware of.
Malvertising: A growing threat
Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.
Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.
Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.
Typically, larger websites receive ads through multiple ad brokers and networks automatically, with little action margin to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.
Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.
Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have a good commercial antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.
One of the most dangerous threats this season is Phishing. Phishing occurs when cyber criminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links on forged emails, ads, or posts.
This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.
The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter, and that retail /service was the most targeted industry sector, with payment services close behind.
To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.
When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.