Las Vegas, Nevada - Across the globe, consumers can expect over 50,000,000 cyber attacks to occur this holiday season, per a press release from the UK-based IT group, Dimension Data. The average consumers will lose between $50 to $5,000 per incident. That's quite a range.
E-commerce is booming, people have more access to the internet than ever these days and retailers have realized that traditional brick and mortar stores now come second to online storefronts in most people's mind. Granted, some people actually enjoy being among the holiday crowds at a busy shopping mall, personally, I'd rather self-immolate.
This year should be particularly bad. According to NTT Security's quarterly Threat Intelligence Report, phishing is up 74% - with over 1.4 million new phishing sites created each month.
Mark Thomas, a Security Strategist for global IT group, Dimension Data, says:
"Over the next six weeks, we'll see an increase in email phishing campaigns, ransomware attacks, banking trojans, as well as the emergence of fraudulent websites that promote special deals such as discounted holiday packages. Fraudulent gift cards, which may take you to an untrusted site or allow a download of a file to your computer that could compromise your device, will also become more prevalent."
One of the things that make these phishing attempts more believable - and something that we've admittedly been harping on - is the fact that hackers can easily procure a DV SSL certificate, install it and get their website marked "Secure" in Google Chrome. Critics will point out that these sites typically only stay open for a few hours and the risk is minimal, but that doesn't change the fact that while they are operating the presence of the DV indicator makes them more effective.
Then when you factor in that with some HTTPS interception tools and certain firewalls, legitimate websites are having their EV indicator stripped and you've got a legitimate problem.
Fortunately, Dimension Data has some tips for staying safe this holiday season:
Never use public Wi-Fi when making online purchases
Never open e-mails, click on links, or open attachments from unfamiliar sources
Ensure you download legitimate applications from known, trusted sources onto your devices
Never share your user names, passwords, or other personal information online
Use a password management system which allows you to securely store and manage all your credentials from a single location
Be wary of unsolicited emails that promise exciting offers, and don't open the attachments
Look out for the visible padlock icon on your browser to confirm encryption. This means the website you're purchasing goods from is a secure, trusted merchant
Use your credit card rather than debit card, and don't store your card details online
Ensure that your anti-virus and operating system patches on your mobile, tablet, laptop, and PC are up to date
Check your bank statements often and immediately report unauthorised or suspicious charges to your bank
If you're looking for something more expansive, here's a complete guide on how to spot a fraudulent website. I recommend giving it a read. I hear the writer is pretty handsome, too.