It’s the online shopping season and time to think about holiday cybersecurity. Buyers beware! With supply chain issues and media attention, many are turning to online shopping for this holiday season earlier than normal. Online retailers are out to get their share of the pie, and bad actors are aware of this. I have seen multiple posts about online deals or coupons that are likely malicious. I have also deleted multiple emails related to online shopping and false shipping notifications. Black Friday articles/links are a common malicious tactic to get you to click.
Malicious shipping-related emails or SMS text messages are also on the rise. It’s not just email, but text messages too.
I urge you to simply delete emails that are neither work-related nor from someone you know. For the remainder of emails, be cautious. When in doubt, don’t click. If the odd-sounding email is from someone you know, call them. If it is from a business, go to their website directly and not through the email link.
Never click links on your phone, especially from a text message, even if it appears to come from someone you know, because you have no way to hover over them and see where they really take you. Rarely is something so urgent that it can’t wait until you get to a PC to examine the link. It is also rarely such an emergency that you cannot take the time to navigate to the website manually instead of clicking, or to call your friend and ask what it is they just sent you.
Also, please choose to use a trusted and secure payment system like PayPal when paying online. Many small retailers lack the security measures to protect their data to a high level. We see even large retailers getting breached every year.
When purchasing in person, ALWAYS choose the chip option if available. This creates a one-time use card number for the retailer so they do not end up with your actual card information. I would also recommend creating a separate bank account with a bank card to use strictly for purchases online or in stores.
The holiday season also brings with it a November vulnerability hunting competition from the Zero Day Initiative called Pwn2Own, where vendors pay rewards for finding vulnerabilities in targeted software/devices. In a few days’ time, $1,081,250 was awarded for 61 zero-days found in devices like printers, routers, NAS devices, smart speakers, phones, TVs, etc., from major manufacturers like Samsung, HP, Canon, Cisco, Western Digital, Netgear, and TP-Link.
An event like this that finds so many exploitable bugs tells me a lot about the rest of the year when malicious teams are working hard to discover system bugs in software and hardware. Staying vigilant and aware is essential for lowering your risk! When updates are available for a device, please install the update ASAP. Set a reminder in your calendar to check for updates on devices that do not automatically check for updates. This should include EVERYTHING that is connected to your network.