Tag Archive for: holiday

Customer Authentication Tips for Safer Holiday Shopping


The holiday shopping season represents a major chunk of annual revenue for retailers in virtually every sector. Per the National Retail Federation, sales grew over 14% to nearly $900 billion in November and December 2021; if they grow at the same rate this year, holiday retail sales will top $1 trillion in 2022. The holiday spirit, fueled by the rush to catch Black Friday bargains, has everyone spending, and $226 billion of these sales are happening online.

‘Tis the Season for Hacking

While it’s a great season for retailers, it’s also a cash-in season for hackers who take advantage of the hype. Their scams include fraudulent giveaways that harvest user details, fake firms that never supply goods, and formjackers and card skimmers that insert malicious code into e-commerce sites. However, phishing, an old cybercriminal favorite, will still be the most prominent attack this holiday season.

Phishing, especially with the exceptional rise in cheap and easy-to-use phishing-as-a-service kits, will disrupt plans, cost money and generally try to ruin the holidays for retailers and consumers alike. A typical attack sees the victim opening an email impersonating a trusted retailer, like Amazon. The email looks legitimate, except the link provided within it leads to a spoofed site where the attacker can steal the user’s login details and hijack their account. 

Why You Need Better Customer Authentication

Consumers are growing more aware of the dangers of online shopping. A recent survey by TransUnion found that the majority (54%) are concerned about being victimized by fraud this holiday season — up 17% from 2021. Confidence in the security of a retailer’s customer authentication processes directly affects consumers’ willingness to do business with them. The same survey reported a 40% increase in consumers stating that they would abandon a purchase due to lack of sufficient security. 

For retailers, providing more secure customer authentication isn’t just about allaying consumers’ fears, it’s about protecting their own business. A successful phishing attack on a customer can mean lost income due to redirected purchases and fraudulent orders, reputation damage and potential…

Here’s How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers


The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities.

The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities.

Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to employer computer systems. With so many people shopping online, tracking shipments, and entering sensitive data across multiple websites, holiday hackers are primed and ready to attack your networks by taking advantage of your employees’ online actions and cell phone usage.

According to the FBI, the two most frequent types of holiday scams are non-delivery and non-payment crimes: either a consumer pays for a product or service that is never delivered, or products are shipped without the seller receiving payment. Cybercriminals are also keen on gift card fraud and auction fraud, as well as phishing attempts over email or text messages that disguise malicious links as purchasing confirmations, order tracking information, or shipment notifications.

This time of year especially, cybercriminals are relying on people being too distracted to realize that they have clicked on a malware link or entered their login credentials on a fraudulent website.

The heightened number of cybersecurity threats around the holidays underscores just how important it is to have a comprehensive incident response (IR) strategy in place, protecting both your employees and your company’s digital infrastructure.

Building an Incident Response Strategy for the Holidays

A thorough incident response plan – which is essentially the cybersecurity policies and procedures used to identify, contain and eliminate attacks – is critical to business operations throughout the year. But because the holidays come with a unique set of cybersecurity threats, it is worth revisiting your plan to make sure it is “prepped” for the holiday season.

According to the SANS Institute, a comprehensive IR strategy is centered on six core objectives: preparation, identification, containment, eradication, recovery and lessons learned….

Android owners warned of hidden risk when downloading apps on holiday – The US Sun


ANDROID owners have been warned the apps they download on holiday may not be as secure as at home – even if they look and feel exactly the same.

Most apps are available globally and appear completely identical no matter where in the world you choose to download them.

But experts have revealed that beneath the surface things could be functioning quite differently – and not necessarily for the better.

User privacy and security can vary considerably when using the same app from country to country, according to the University of Michigan.

A team investigated more than 5,600 popular apps and uncovered hundreds with hidden changes depending on country.

127 of them had so-called “geodifferences” in permissions requested.

49 of these made requests which are deemed “dangerous”.

And more than 100 had very different privacy policies based on country.

Apps in Bahrain, Tunisia and Canada requested the most additional dangerous permissions, experts claim.

“While our study corroborates reports of takedowns due to government requests, we also found many differences introduced by app developers,” said study co-author Renuka Kumar.

“We found instances of apps with settings and disclosures that expose users to higher or lower security and privacy risks depending on the country in which they’re downloaded.”

The research also lifted the lid on the huge number of geoblocked apps – apps which can only be downloaded in certain countries.

They found 3,672 apps in total were blocked in at least one of the 26 countries included in the study.

Iran and Tunisia apparently had the highest blocking rates, with popular apps like Microsoft Office, Adobe Reader, Flipboard and Google Books banned.

VPN apps were often blocked in Turkey and Russia too.

“Blocking by developers was significantly higher than takedowns requested by governments in all our countries and app categories,” Kumar wrote on The Conversation.

“App stores allow developers to target their apps to users based on a wide array of factors, including their country and their device’s specific features.”


Couple deletes Holiday Inn data for fun after ransomware attack fails


A Vietnamese couple deleted Holiday Inn data from its computers after their ransomware attack failed, saying they did it for fun.

The hackers, who contacted the BBC on Saturday, September 17, said they had deleted the data “for fun”.

According to the evidence provided by the pair, they were able to access the computers of the Holiday Inn owners, International Hotels Group (IHG), with relative ease.

The group, which owns around 6,000 hotels, received numerous complaints in the week saying that people were having problems booking. The company initially responded by saying that the system was undergoing maintenance, before admitting that they were the subject of a hacking attempt.

Calling themselves TeaPea, the hackers used an encrypted Telegram message to contact the BBC. They provided images as evidence of the hack, images that the company has confirmed are genuine.

The images show that the hackers gained access to servers, emails and Microsoft Teams chats, but were unable to use that access to install ransomware as the company isolated servers before they could do so.

Instead the couple who deleted the Holiday Inn data said: “Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead.

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is an average $300 (€300) per month. I’m sure our hack won’t hurt the company a lot.”

IHG says customer-facing systems are returning to normal, although disruptions continue to be experienced as the company works to rebuild the data. Although the hackers say they took no data, that has yet to be confirmed by IHG.

The hackers said they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software, which gave them access. After that, they were able to use weak passwords to access the systems.

A spokeswoman for IHG told the BBC that password vault details were secure. She went on to say they had to evade “multiple layers of security”, adding that “IHG employs a…
