With close to half of Americans planning to shop exclusively online for the holidays, starting this Black Friday, cybercriminals have been provided with an even larger hunting ground - and an online security expert's tips could help keep you safe.
Adobe Analytics, an artificial intelligence (AI) and machine learning (ML) driven platform, has predicted that the e-commerce market will turn in over $189 billion over the holidays. With this large volume of online shopping transactions, no wonder hackers and cybercriminals are looking to get a slice of the pie - with other people's personal information.
To help keep buyers safe, Nevin Markwart has provided TechTimes with safety precautions while online shopping over the Black Friday weekend. Markwart serves as the Chief Information Security Officer at FutureVault, the world's leading cloud security platform. The Ontario, Canada-based company offers white-label, software as a service (SaaS) solutions for information handling and safety.
"With so many consumers shopping on the internet this year, we expect a surge in scams. Criminals in this space are constantly inventing new ways to steal from you," Markwart explains.
Public Wi-Fi: When Free Isn't Always Good
With the "anytime, anywhere" convenience offered by online shopping, most people go ahead and make their purchases, even in public networks. Markwart explains how cybercriminals exploit public Wi-Fi networks, positioning themselves strategically between the connecting device, the shopper, and the network's access point. A device called "WiFi Pineapple" acts as the man in the middle, mimicking a local Wi-Fi and allowing you to connect through it. As you pass through this "Pineapple," it allows the operator of this device to view all traffic in clear text - posing a significant threat to all unencrypted data it scans.
READ ALSO: Hackers Can Use Wi-Fi To See Your Tinder Photos And Likes
However, other sites recommend the use of virtual private networks (VPN) before connecting to public Wi-Fi networks. A VPN allows its users to remain private and anonymous, masking your device's IP address before connecting online. While it works, it is still not entirely foolproof. "Trouble is, you might forget to enable the VPN leaving you vulnerable," Markwart noted. "Best practice is to leave your smartphone WIFI disabled except when you are within range of a trusted and secure wireless access point."
Protect Your Organization From Phishing
Aside from personal devices used in public places, a significant volume of cyberattacks occur within business settings. In fact, a 2018 study explored the susceptibility of employees in a workplace setting, emphasizing workplace norms and routines that can affect the information processing strategies and thus, help employees better filter out phishing attempts.
Additionally, a report from the Federal Bureau of Investigation's Internet Crimes Complaint Center report for 2019 revealed that cybercrimes in the United States resulted in almost $3.5 billion in reported losses. Forbes also reported last year that Black Friday cyberattacks increased by 275%, or almost three times the average.
Among these cyberattacks, one of the most common avenues used by hackers is the business email compromise - a strategy that relies on email fraud to attack organizations. It includes invoice scams and spear-phishing to steal information from unsuspecting employees. Markwart notes that vigilance is key - never click links "for which the user is unaware of the email sender and/or the URL destination of the link."
The FutureVault tech exec also added: "Check the email sender field and be sure the sender is familiar and that the email address name and domain exhibit correct spelling." A nifty practice in checking links is to use the cursor and hover above - do not click - the link. It should be familiar to the user and, more importantly, has the correct spelling. For example, a link to the online e-commerce site Amazon.com should not link to amazom.com.
RELATED ARTICLE: [BEWARE] Microsoft Warns About Huge Coronavirus-related Phishing Attacks
