Cybercriminals Shopping For Consumers During Holiday Season -- Security Today

Cybercriminals Shopping For Consumers During Holiday Season

By Bradley Anstis
Nov 23, 2010

Cyber Monday is a term originally coined in 2005, when upon returning to the office after the extended Thanksgiving break, consumers hit their company’s high-speed Internet to start online shopping for the holidays.

While most consumers these days now have high-speed Internet available to them at home (or on their phone, or at their local coffee house) Cyber Monday has quickly become its own “holiday of shopping.”

Last year, according to the National Retail Federation, more than 96 million Americans shopped online the Monday after Thanksgiving -- and approximately 52 percent of all purchases were made from the workplace. While the obvious call for concern for corporations across the globe is the decrease in work productivity, the greater risk is the harm that these shoppers may be doing to their company’s networks, and the security risks corporate IT departments need to consider.

In the past, the threat of malware and viruses was mainly from adult-oriented and gambling websites; companies could easily block these sites completely, eliminating the security concern. The issue today is that up to 85 percent of all infected websites are “legitimate” websites that can harm a corporation’s network.

Unsuspecting employees can click on a link that appears to be advertising a great deal on shoes or toys and unknowingly infect their computer, or the system’s entire network. The Cybercriminals’ purpose is to infect as many victims as possible. To do that, they try to drive as many potential victims to their website through techniques such as Search Engine Optimization where a consumer might do a search for cheap watches and the Cybercriminal’s infected website might rank very highly in the search results, or they send out Spam messages with a link to the infected website.

These blended e-mail threats are very effective at making a deal sound so good and legitimate that consumers click on the link even though they never asked for the email in the first place.

Cyber Monday Predictions
ISACA, the leading non-profit information organization, recently released its predictions on behaviors and patterns for Cyber Monday and the entire 2010 online holiday shopping season. According to the organization’s survey-based predictions, there is good news along with worrisome predictions for the season ahead.

With the economy still in a slow recovery, the number of online shoppers in general is not expected to rise more than 5 percent from last year. From that, it’s being predicted that the number of consumers who plan on using work-supplied devices such as smart phones and computers to shop online will decrease dramatically -- 23 percent vs. 52 percent from last year. But corporate IT departments shouldn’t think they are off the hook, because while there will be less shopping, unfortunately consumers are going to be taking higher risks such as clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work email addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Rise In Fraud
Online fraud is being perpetrated around the clock, 365 days of the year. It just so happens that because consumers are highly marketed to on Cyber Monday that they are more likely to be searching for the best possible deals around. This makes this time frame highly valuable for cybercriminals.

While consumers are used to looking out for frauds such as fake products or products that are not made from quality materials, in a time of belt-tightening consumers are more apt to shop rogue websites (for example, a site that sells highly valued shoes at what consumers would view as a "steal" of a deal). Throw in the growth in social shopping or daily “coupon deal” companies, and consumers are facing much more confusion on what is considered a legitimate site.

While it would seem that the obvious answer to this issue is to block all personal access to the Internet from the company’s network, currently only 11 percent of corporations do that. The rise of employees using their own personal devices for work functions in addition to the variety of devices people use to communicate today leaves this task virtually impossible. Additionally, the benefit of allowing employees to have access actually increases productivity and morale.

Educating Employees
The saying "if it's too good to be true, then it probably is" holds true. There's no such thing as a free lunch, or a free iPhone. Remind your employees of this. Give examples of how spammers can spoof a legitimate website’s email template and make it look authentic.

If an e-mail arrives in their inbox that reports on a sale, they will be more likely to analyze it thoroughly. If possible, recommend employees go directly to the website without clicking on the link in the email to verify the authenticity. (Better yet, recommend that employees first Google the website in question, if they’ve never heard of it -- often times, fraudulent websites are trending topics.)

If it's a specialized link, be sure to mouse over them first rather than blindly clicking on it, as links can be made to look legitimate but actually lead to a malicious page or phishing site.

While fraudulent products are always a concern, most cybercrimes involve banking/payment with the manipulation of the payment transaction. The consumer assumes they are placing a transaction with a legitimate party, providing their personal and credit card information over a secure transaction page without thinking about what this party might do with their information, or who else might get access to it.

If a payment transaction service like Paypal is being used, are you sure the page displayed is Paypal? Will you even get the goods? The best way to combat this is to remind employees to check with their bank to see what coverage they have for online shopping using their card in case of fraud, or perhaps change to a card that has good fraud protection coverage.

Also note that fraud goes beyond malware and stealing money and into what is done to your private information after the transaction is complete. No deal is a good deal if personal information is compromised. Consistent education and communication with your employees on these matters will help keep your network -- and your employees -- safer.

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West
Live From ISC West 2024: Post-Show Recap

ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now
- Industry Events
- ISC West
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

ComNet CNGE6FX2TX4PoE

The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3
Hanwha QNO-7012R

The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

Cybercriminals Shopping For Consumers During Holiday Season

ISC West 2024 Welcomed More Than 29,000 Attendees

Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution

Allegion US Features Interoperability, Mobile Credentials and More at ISC West

Altronix Showcases Products to Protect Critical Infrastructure at ISC West

Axis Communications Launches Axis Cloud Connect at ISC West 2024

Genetec Security Center SaaS Supports Direct-to-Cloud Workflows With Axis, Bosch, Hanwha, and i-PRO Devices

ASSA ABLOY Introduces Centrios, a New Access Control Brand for Small Businesses