By Richard Arneson
We’re entering the holiday season, which used to mean trips to the mall, circling the parking lot for a spot within a hundred yards of the door, and trying to get the clerk to accept a coupon that expired a year ago. But that’s all changed. Now it’s about trying to remember passwords on your computer, hoping your Internet provider’s network will hold up during a storm, and trying to figure out where and how to enter a coupon on Amazon’s website. But, best of all, your holiday shopping can all be done while planted in front of the TV and watching football.
But with the ease of the shopping experience comes the art and evil of phishing. And in the last twelve (12) months, phishing has tripled. Because retailers are especially vulnerable, you can count on those numbers rising in the coming months.
Think before you click
The primary reason retailers are so susceptible is because their customers (yes, all of us) are ripe for the picking, at least those ones who don’t carefully inspect the origin of emails or the URLs they visit after clicking on any imbedded links. For instance, you might think you’ve gone to Walmart, but upon careful inspection the URL may be Walmart.us.com, but the copy will look like the real thing. All they want is for you to make that one (1) simple purchase, then enter your credit card info. Once they have that, it’s holiday time for the scammers. They’ll enter the real site, order goods with your credit card and, after you’ve disputed the purchase, the retailer credits your account and the bad guys get the merchandise.
The newest targets
One of the many reasons phishing is up is due to their newest target demographic—younger consumers whose first credit card may be burning a hole in their wallet. And where do you go to phish for new victims? Yep, the sites they use on a regular basis. Now many retailers are selling their products through alternate channels, like SnapChat and Facebook. In fact, Instagram has been the phisher’s favorite new vehicle of choice due to its relative infancy in that marketplace.
A recent study on the number of fraudulent retail websites found that there are three times (3X) more of them than there were a year ago. Why? Because phishing is working especially well on the aforementioned sites. When scammers send out millions of emails, their odds are pretty good that at least a few will haphazardly fall for it. And that’s all they need.
Quick Tips for protecting yourself against Phishing
- Utilize an anti-virus product that is capable of detecting fraudulent and malicious websites, or what they may refer to as anti-phishing technology in their marketing materials.
- Type in the URL of the retailer’s website. This will ensure you’re heading to the right place. I know, it’s easier to click on the link, but typing it in will only cost you a few additional seconds.
- If you’re ever questioning a site’s authenticity, type in a fake password. If it’s accepted, trouble’s lurking—they’ll accept anything for the password. Close it out and delete your browsing history.
- Also, regularly inspect your credit card and bank statements. It’s not fun reading or an activity you’ll look forward to, but careful inspection is one (1) of the best medicines.
- When you see all CAPS in the subject line, you’ve probably received a phishing email. Why scammers like ALL CAPS is unclear, but it’s a common practice.
- Check that the e-commerce site you’re visiting begins with https://, not http://. The S is for Secure, meaning all communications between you and the website are encrypted.
- Look for misspelled words or really, really poor grammar. You won’t need an English degree to spot it—it’ll dramatically stand out.
- If you’ve entered a site and the images are of poor quality or low resolution, you’re probably on a fraudulent site. You won’t see butchered images on the websites of reputable retailers.
Most want to get their holiday shopping done as quickly as possible, especially at a time when football is heading into the postseason. But taking a little extra time and care prior to opening an email or navigating a website will help make the holiday season a more enjoyable and less stressful affair.
Got question? Call on the Security experts
To find out more about phishing, cybersecurity and the many threats that may soon target, or are currently targeting, your organization, contact GDT’s tenured and talented security analysts at SOC@GDT.com. From their Security- and Network Operations Centers, they manage, monitor and protect the networks of some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
Read more about network security here: