As the gentlemen from Armor’s Threat Resistance Unit (TRU) say, “A threat to one is a threat to all.” This is especially true during the next six weeks of online shopping madness.
TRU is already witnessing threat actors and cyber criminals in the underground forums ramping up activity to target different retail websites during Cyber Monday traffic. To avoid becoming a holiday victim, follow some of the precautions TRU outlined in their weekly video.
- Avoid using corporate hardware to make personal purchases on Cyber Monday; this could serve as an easy avenue into corporate environments
- Look out for objects that look out of place on websites; this can clue you into a site that may have been infected with malware that has compromised the use of iFrames
- Verify that emails aren’t clever phishing attacks
- Ensure machines are using the correct Java versions; outdated Java scripts are easily exploitable by even novice hackers
- Confirm SSL certificates on retail websites are valid and encryption keys are up to date
- Do not send credit card information over unencrypted networks (when in doubt, look for the “https” before the URL) ; for the extra cautious, click on the lock to confirm the name and validity of the issuing certification authority (CA)
- Avoid public Wi-Fi hot spots, which are easy to pirate and then leverage for malicious use
Be safe out there during the holidays.