How to Stay Safe on Cyber Monday

Posted on by Jennifer Lawinski

Tis the season for online fraud. And this year's Cyber Monday is expected to give cybercriminals more potential victims than ever before.

Adobe expects online shoppers will spend more than $3 billion online today, and that's just the tip of the iceberg. More than 270 million shoppers are expected to spend more than $83 billion throughout the holiday season, and more than half of those purchases will be made on mobile devices.

Cyber Monday Credit Card

How can you be sure the online purchases made on your network are safe this holiday season? (And your employees are indeed shopping at work today. Clothing retailer Madewell's Cyber Monday discount code is "SHOPATWORK.")

According to iovation, a Portland, Ore.-based provider of device intelligence for authentication and fraud prevention, online shoppers need to beware of several types of fraud this holiday season. 

In addition to credit card fraud and account takeovers, which occur when cybercriminals steal personal identifying information to access existing accounts, hackers are also using friendly chargebacks and shipping fraud, in which goods are misdirected or ordered but never sent, to target consumers.

“One interesting holiday scam is a mix of phishing, credit card fraud, and return fraud known as triangulation fraud,” said iovation’s Vice President of Product Scott Olson.

“That’s where criminals set up a phony online auction for an item they do not have and when the ‘winning bid’ comes in, the fraudster uses a stolen credit card to fulfill an order from an online retailer," he said. "The fraudster wins because they receive funds and the consumer wins because they get the item they bid on. But this scam leaves the person whose credit card was stolen to dispute the charge with the victim retailer, and it makes it difficult to track the bad guy.”  

The holidays are also prime time for phishing scams. According to San Francisco-based security vendor Cloudmark, gift-card phishing scams, which lead consumers down a rabbit hole of confusing sign-up procedures, are being used to collect private information.

In the scheme concocted by RewardZoneUsa, consumers are asked to click on email links to get gift cards, but then wind up navigating elaborate sign-up processes that ask them to apply for credit or pay for a service to get these allegedly "free" cards. They are also asked to give phone numbers that wind up on telemarketers' lists.

Awareness and safety-savvy practices are key to making sure your employees weather the holiday season without falling victim to online predators.

Nitin Bhandari, CEO of Skyfire, San Francisco, Calif., acquired by Opera Software, says there are a few ways shoppers can stay secure.

First and foremost, be aware of your surroundings. Shoppers are comparing prices on their smartphones in public, and they need to be careful about exposing their screens, especially on sites where credit card information is visible. Make sure they steer clear of using public Wi-Fi without encryption or a VPN, and keep all mobile devices updated with the latest security fixes.

And if shoppers are online at work, email security appliances can help keep unwanted malicious spam out of their inboxes in the first place, and local browser client protection can also help.

Beyond what IT can do to keep shoppers safe on the tech side, users need to be reminded to shop smart.

If they do shop online, advise they shop directly from merchant websites and keep track of credit card and banking statements to make sure that they're responsible for all the listed transactions.

Jennifer Lawinski

Director of Social Media & Community, Arculus

fraud security awareness

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs