You put a lot of effort and focus on keeping your business secured against threats like phishing scams, but when was the last time you stopped to consider what you’re doing to protect yourself? While it’s true that a big chunk of cybercrime is perpetrated against businesses, individuals can easily become targets, too. Especially around the holiday season.
Online shopping is a massive industry year round, but when it comes time to start crossing names off of your Christmas list, even infrequent online shoppers are turning to the Internet. Whether you just want to avoid the three-ring circus that is the local mall come December, or are searching for that perfect gift you just haven’t been able to find in a store, online shopping is a great alternative. Especially when Black Friday and Cyber Monday roll around.
As the name implies, Cyber Monday is strictly online deals, which makes shopping from your laptop, smartphone, tablet, or PC a necessity. By now, you’ve probably already seen more than your fair share of banner or sidebar ads and emails informing you of the can’t miss special offers up for grabs this year. But how sure are you that all of the ads and emails you’ve viewed or clicked through on are legitimate deals and not a nasty phishing scam?
You know – or at least have a pretty good idea of – how to spot and avoid phishing attempts that find their way into your work account’s inbox, but how diligent are you about your personal account? Would you know that the latest email from Target or Amazon isn’t actually from Target or Amazon? Those same sneaky spoofing tactics cybercriminals use to trick businesses are used against consumers, and if you’re not careful, you could find yourself the holiday season’s next victim.
It’s estimated that 2 out of 5 consumers still fall for spoofed versions of trusted brand’s websites, despite the fact that 91% of consumers know these spoofed emails and sites are out there. Nearly 20% of consumers who’ve fallen for a scam in the past have fallen for one more than once, with varying consequences:
Cybercrime Doesn’t Have To Take The Fun Out Of Cyber Monday
Creating fake email addresses and websites that very closely mimic the real thing are the most common means of pulling off a phishing scam against a consumer – both for Cyber Monday and year round. The typical types of alterations to known addresses and domain names include:
The goal with these alterations is to fool consumers at a passing glance, tricking them into clicking on embedded links that lead to a fake website. From there, you’re prompted to log in to a pre-existing account with a popular online retailer or create a new one. Either way, the hacker behind this particular scam gets access to your password, your payment information, and any other personal data it can grab from that account or track down elsewhere using the information you’ve given them. This also leaves you vulnerable to identity theft and other cyber crimes.
A cybercriminal can use your credit card information to do some shopping of their own, and by the time you realize charges are being made to your account that aren’t really yours, it’s too late. Now it’s weeks before Christmas, and you’re stuck canceling cards and filing paperwork for fraud protection. And even if the hacker doesn’t use your information themselves, they can sell it to someone else who will.
If a phishing email doesn’t lead to a spoofed site, odds are the hacker was looking to get access to your device. They might use an embedded link to infect your laptop with malware or spyware, either to steal personal or financial data or just to crash your system and delete your files. Whether the intent is malicious or mischievous, you will not enjoy the outcome.
But knowing what the risks are and what these scams look like can go a very long way towards keeping yourself safe online. Education and training is a hugely important part of business cybersecurity practices, and it’s just as valuable outside of the office as in it. A target is a target, and any information a hacker can get their hands on without having to work all that hard for it is worth their attention.
The best way to avoid falling for a phishing scam based around an online retail offer is to never click on ads or links, but go directly to the company’s website and search for the deal there. If something seems like it’s just too good of a deal, it probably is.
Want to learn more about what you can do to browse and shop safely this holiday season? Contact Hill Tech Solutions at firstname.lastname@example.org or (410) 671-5780. We’re the cybersecurity professionals businesses in Baltimore, Bel Air, and Abingdon trust.