Cybercriminals Shopping For Consumers During Holiday Season

  • By Bradley Anstis
  • Nov 23, 2010

Cyber Monday is a term originally coined in 2005, when upon returning to the office after the extended Thanksgiving break, consumers hit their company’s high-speed Internet to start online shopping for the holidays.

While most consumers these days now have high-speed Internet available to them at home (or on their phone, or at their local coffee house) Cyber Monday has quickly become its own “holiday of shopping.”

Last year, according to the National Retail Federation, more than 96 million Americans shopped online the Monday after Thanksgiving -- and approximately 52 percent of all purchases were made from the workplace. While the obvious call for concern for corporations across the globe is the decrease in work productivity, the greater risk is the harm that these shoppers may be doing to their company’s networks, and the security risks corporate IT departments need to consider.

In the past, the threat of malware and viruses was mainly from adult-oriented and gambling websites; companies could easily block these sites completely, eliminating the security concern. The issue today is that up to 85 percent of all infected websites are “legitimate” websites that can harm a corporation’s network.

Unsuspecting employees can click on a link that appears to be advertising a great deal on shoes or toys and unknowingly infect their computer, or the system’s entire network. The Cybercriminals’ purpose is to infect as many victims as possible. To do that, they try to drive as many potential victims to their website through techniques such as Search Engine Optimization where a consumer might do a search for cheap watches and the Cybercriminal’s infected website might rank very highly in the search results, or they send out Spam messages with a link to the infected website.

These blended e-mail threats are very effective at making a deal sound so good and legitimate that consumers click on the link even though they never asked for the email in the first place.

Cyber Monday Predictions
ISACA, the leading non-profit information organization, recently released its predictions on behaviors and patterns for Cyber Monday and the entire 2010 online holiday shopping season. According to the organization’s survey-based predictions, there is good news along with worrisome predictions for the season ahead.

With the economy still in a slow recovery, the number of online shoppers in general is not expected to rise more than 5 percent from last year. From that, it’s being predicted that the number of consumers who plan on using work-supplied devices such as smart phones and computers to shop online will decrease dramatically -- 23 percent vs. 52 percent from last year. But corporate IT departments shouldn’t think they are off the hook, because while there will be less shopping, unfortunately consumers are going to be taking higher risks such as clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work email addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Rise In Fraud
Online fraud is being perpetrated around the clock, 365 days of the year. It just so happens that because consumers are highly marketed to on Cyber Monday that they are more likely to be searching for the best possible deals around. This makes this time frame highly valuable for cybercriminals.

While consumers are used to looking out for frauds such as fake products or products that are not made from quality materials, in a time of belt-tightening consumers are more apt to shop rogue websites (for example, a site that sells highly valued shoes at what consumers would view as a "steal" of a deal). Throw in the growth in social shopping or daily “coupon deal” companies, and consumers are facing much more confusion on what is considered a legitimate site.

While it would seem that the obvious answer to this issue is to block all personal access to the Internet from the company’s network, currently only 11 percent of corporations do that. The rise of employees using their own personal devices for work functions in addition to the variety of devices people use to communicate today leaves this task virtually impossible. Additionally, the benefit of allowing employees to have access actually increases productivity and morale.

Educating Employees
The saying "if it's too good to be true, then it probably is" holds true. There's no such thing as a free lunch, or a free iPhone. Remind your employees of this. Give examples of how spammers can spoof a legitimate website’s email template and make it look authentic.

If an e-mail arrives in their inbox that reports on a sale, they will be more likely to analyze it thoroughly. If possible, recommend employees go directly to the website without clicking on the link in the email to verify the authenticity. (Better yet, recommend that employees first Google the website in question, if they’ve never heard of it -- often times, fraudulent websites are trending topics.)

If it's a specialized link, be sure to mouse over them first rather than blindly clicking on it, as links can be made to look legitimate but actually lead to a malicious page or phishing site.

While fraudulent products are always a concern, most cybercrimes involve banking/payment with the manipulation of the payment transaction. The consumer assumes they are placing a transaction with a legitimate party, providing their personal and credit card information over a secure transaction page without thinking about what this party might do with their information, or who else might get access to it.

If a payment transaction service like Paypal is being used, are you sure the page displayed is Paypal? Will you even get the goods? The best way to combat this is to remind employees to check with their bank to see what coverage they have for online shopping using their card in case of fraud, or perhaps change to a card that has good fraud protection coverage.

Also note that fraud goes beyond malware and stealing money and into what is done to your private information after the transaction is complete. No deal is a good deal if personal information is compromised. Consistent education and communication with your employees on these matters will help keep your network -- and your employees -- safer.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3