50 Million Cyber Attacks Will Occur this Holiday Season
‘Tis the season to be scamming.
Across the globe, consumers can expect over 50,000,000 cyber attacks to occur this holiday season, per a press release from the UK-based IT group, Dimension Data. The average consumers will lose between $50 to $5,000 per incident. That’s quite a range.
E-commerce is booming, people have more access to the internet than ever these days and retailers have realized that traditional brick and mortar stores now come second to online storefronts in most people’s mind. Granted, some people actually enjoy being among the holiday crowds at a busy shopping mall, personally, I’d rather self-immolate.
This year should be particularly bad. According to NTT Security’s quarterly Threat Intelligence Report, phishing is up 74% – with over 1.4 million new phishing sites created each month.
Mark Thomas, a Security Strategist for global IT group, Dimension Data, says:
“Over the next six weeks, we’ll see an increase in email phishing campaigns, ransomware attacks, banking trojans, as well as the emergence of fraudulent websites that promote special deals such as discounted holiday packages. Fraudulent gift cards, which may take you to an untrusted site or allow a download of a file to your computer that could compromise your device, will also become more prevalent.”
One of the things that make these phishing attempts more believable – and something that we’ve admittedly been harping on – is the fact that hackers can easily procure a DV SSL certificate, install it and get their website marked “Secure” in Google Chrome. Critics will point out that these sites typically only stay open for a few hours and the risk is minimal, but that doesn’t change the fact that while they are operating the presence of the DV indicator makes them more effective.
Then when you factor in that with some HTTPS interception tools and certain firewalls, legitimate websites are having their EV indicator stripped and you’ve got a legitimate problem.
Fortunately, Dimension Data has some tips for staying safe this holiday season:
Never use public Wi-Fi when making online purchases
Never open e-mails, click on links, or open attachments from unfamiliar sources
Ensure you download legitimate applications from known, trusted sources onto your devices
Never share your user names, passwords, or other personal information online
Use a password management system which allows you to securely store and manage all your credentials from a single location
Be wary of unsolicited emails that promise exciting offers, and don’t open the attachments
Look out for the visible padlock icon on your browser to confirm encryption.
Use your credit card rather than debit card, and don’t store your card details online
Ensure that your anti-virus and operating system patches on your mobile, tablet, laptop, and PC are up to date
Check your bank statements often and immediately report unauthorised or suspicious charges to your bank
If you’re looking for something more expansive, here’s a complete guide on how to spot a fraudulent website. I recommend giving it a read. I hear the writer is pretty handsome, too.
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion:
- This holiday season over 50-million cyber attacks will occur
- Phishing was up 74% in Q3 2017, with 1.4 million new sites made each day
- SSL certificate are aiding in the efforts to phish by getting sites labeled “secure” in Google Chrome
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown