Since November and December are prime time for last minute gift shopping and booking travel tickets home, consumers are more vulnerable to hacks.
The numbers are alarming. A recent study by ACI Worldwide projects a 14 percent increase in fraud attempts during the 2018 holiday season. As more shoppers turn to online shopping for the promises of amazing discounts, hackers are ready with spam emails, phishing software, and even fake applications.
A cybersecurity intelligence company has searched mobile app stores from all over the world, looking for those containing Black Friday and Cyber Monday in the search terms. More than 5.5 percent of the results were malicious apps featuring credit card number skimmers, adware, malware, and sometimes ransomware. With almost 40 percent of online transactions from Black Friday in 2017 coming from mobile phones, the threat is huge for 2018.
Besides scam mobile apps, a large percentage of holiday scams come from three major sources: online shopping, airline travel, and phishing emails.
Online shopping exponentially grows during the holiday season. Last year Black Friday brought in $5 billion in sales. With promises of 50 percent off sales or buy one get one free, it’s an online shopper’s paradise. And while we all flock to our favorite websites to look for presents for loved ones (and ourselves), hackers don’t rest during the holidays.
Between July to September of this year, hackers attacked online stores and unsuspecting shoppers 9.2 million times. Compared to the 11.2 million attempts todal of 2017, website hacks are becoming more common and will continue to grow this holiday season. Hackers often lure shoppers in with fake deals using dummy websites, auction listing, or ads that offer popular items way below market value. Shoppers click on the ads and instead of getting the great deal they were promised, they become susceptible to identity theft or bank fraud.
The holidays are the busiest travel time of the year. From Thanksgiving and Christmas, to New Years Eve, everyone is trying to make it home in time for the holidays.
In 2017, travel related fraud rose 37 percent, with holiday travel scams comprising a large part of the number. And the fraud doesn’t stop at third party site, huge airlines such as Air Canada have been compromised in the recent months, with sensitive traveler information stolen.
The most common forms of online travel related fraud are account takeover (when a hacker uses your password to hack into your travel account and steal financial information), URL-Jacking (when hackers use URLs linked inside of fake confirmation emails to extract personal information), and fake sites (when hackers set up fake sites that look like legitimate travel agencies to steal financial information).
But travelers aren’t only susceptible to hacking while looking online for flight tickets. Hackers are also turning to free WiFi and public charging stations to find their next targets.
Did you know that 91 percent of cyber attacks start with a phishing email? A successful phishing attack gives cybercriminals access to your device and network, and in turn your valuable personal and financial data.
The reason phishing attempts are so successful is that they impersonate ordinary emails most users receive on a daily basis: confirmations for online purchases, job applications, delivery notifications, security updates, and more. Usually these emails instill a sense of urgency, such as, Click in the next 24 hours to receive 50% off, so that users are more likely to react right away rather than let the email sit in their inbox. If you receive an email and the deal or offer looks too good to be true, than it probably is.
There are a lot of tips out there for dealing with fraud during the holiday season, but many of them put the burden onto the consumer to weed out fake deals. According to The Ledger, consumers should use strong passwords, be wary of the information they are sharing on social media sites such as Facebook and Twitter, and use caution if receiving a call from someone claiming to be from a bank or credit card company.
Other experts give the advice to avoid alternate payment options, like via Western Union, as sites offering these different payment choices are usually a scam. Users should also only shop on websites that have the extra ‘s’ in the URL (https vs http). The ‘s’ adds an extra layer of security, meaning phishing attacks and scams are unlikely. Shoppers should also be wary of the actual products they are buying, as toys and smart devices with poor security can lead to cyberattacks once you’ve already checked out and think you are safe at home.
Of course, another player has recently hit the field. With its promise of immutable security and anonymity, the blockchain technology might help users protect themselves and their data this holiday season. The blockchain not only ensures that data is encrypted, which means that modifying or accessing it without permission is nearly impossible, the new technology is also decentralized, meaning that it does not rely on one central point of control and is therefore more secure.
But while blockchain technology might be the most secure way for users to protect themselves from hacks, it probably won’t help this holiday season as it hasn’t achieved mainstream adoption yet. So while the future looks bright, for the holiday season this year, shoppers must remain vigilant so that their holiday gifts don’t turn into a hacked disaster.