Security Awareness Tips for The Holidays

Awareness during the holidays is crucial: this season is on course to set new records for cyber attacks that exploit the bad habits of unaware users, in companies and among individuals alike. Cybercriminals can defraud victims and monetize their actions with little effort. During the Christmas holidays, more than at other times of the year, a growing number of users plan and do their shopping online, through mobile devices and social networks.

Online Shopping and Identity Theft

The single most significant concern is identity theft, where a shopper's Personal Identifying Information (PII), along with credit card information saved on a website, can be stolen using malware. This season is set to break new records for online shopping, with a majority of shoppers planning to visit a retailer website.

These are the most common cyber attacks to be aware of while shopping online:

Pharming – an attack that redirects a user to a malicious, illegitimate website at a bogus URL. Even if the URL is entered correctly, the user can still be redirected to a fake website if the computer is compromised with malware. It is also a form of DNS hijacking, where malware overrides a computer’s TCP/IP settings so that queries are sent to a phony domain name server (DNS).

Phishing – a common tactic in which attackers send victims emails that appear to originate from a legitimate source. For example, emails masquerading as a well-known retailer contain an altered Uniform Resource Locator (URL), and anyone who clicks the link is automatically sent to a fake site designed to collect personal information.

A phishing attack is a form of social engineering designed to trick you into divulging your PII. Other forms include phone calls from a telemarketer who asks for information, or from someone claiming to be from your bank who wants to check a fraudulent charge. These include robocalls that dial a set of sequential or random phone numbers and catch the unaware who answer the calls. Once they answer, they hear a recorded message or are connected to a person who tries to bait them into a scam by offering bogus, high-pressure discounts.

The Data Cybercriminals Want

Social Security Number – one of the most valued pieces of PII, because the Social Security number (SSN) is a government-based identity asset that an American has in their possession. Once your SSN is stolen, the identity thief can either sell it to undocumented workers or use it to impersonate the victim to obtain property and money. With this credential, they can also access opportunities and services available only to Social Security number holders. The identity thief can also use your PII to forge fraudulent documents such as passports or to open credit card accounts.

Driver’s License Number – another state-issued government identity card; once stolen, it can be sold to other criminals who look similar to you. State-issued identification (ID) cards are also issued to individuals who do not operate a motor vehicle. Criminals also use these identification documents to impersonate a victim, hiding or protecting their own identity if they are caught in a compromising or dangerous situation. Combined with corroborating information found online, the state ID can also be used to access a victim’s opportunities and services.

Financial Accounts – one of the most common types of online PII theft, in which a person’s credit card and bank account information is stolen and used to purchase goods and services. It can also be used to open bank accounts and additional credit cards, resulting in significant loss of money. This form of attack can also prove hazardous to an individual’s future purchasing power or financial security.

Insurance and Medical Accounts – these two forms of identity theft are closely related: a victim’s PII and PHI (Protected Health Information), such as medical identification numbers, are used to access medical services and prescriptions. This is one of the most prevalent forms of identity theft and can lead to financial losses; it can also become dangerous, even life-threatening, when incorrect information ends up in a victim’s medical history.

Types of Identity Thefts

Tax Identity Theft – fraudulent tax refund returns that cybercriminals file using the victim’s SSN and name. This can cause significant delays in the return being correctly processed and loss of funds, among other issues.

Child Identity Theft – occurs when a child’s SSN is stolen and used to defraud the government for services, student loans, and other services that affect children directly. The implications are identical to those of all forms of online identity theft.

Synthetic Identity Theft – one of the most sophisticated forms, using the SSN and all other forms of identification in combination with fake information. The combination is used to create a new identity to open new credit card accounts, obtain bank resources, and apply for jobs. Synthetic identities are also the most difficult to detect, since the genuine details are deceptively mixed in with fake information.

Tips to Thwart These Attacks

User awareness is the best tool for avoiding issues with shopping and providing personal details online. Paying attention is critical, as is shopping from large, reputable merchants that have a history of delivering exceptional customer service. To stay competitive, online retailers maintain the highest standards of security and customer satisfaction. As a general consumer, always make sure that web pages requesting your personal details are secure by checking for “HTTPS” rather than “HTTP” at the beginning of the URL. The “S” indicates that it is a secure connection using the encrypted Secure Sockets Layer (SSL) protocol to safeguard the information that is entered. The third-party Certificate Authority that issued the SSL certificate has adequately identified and vetted the website’s domain owner as legitimate, and this will be indicated in the browser.

With phishing attempts, never respond to any request for personal information via email; instead, contact the organization by phone to confirm that the request for personal information is legitimate. Most organizations are concerned about fraudulent phishing attempts and will never ask for such information via email.

Antivirus and anti-malware software prevent malicious apps from being inadvertently installed on your computer or mobile device and from recording your personal data as you enter it into online forms when making a purchase.

Always protect your PII and PHI data, and teach children good internet security habits when surfing the internet: they should never divulge, or be bullied into giving up, their personal information to anyone, especially on social media. Make them aware of the dangers, and have them notify parents or law enforcement authorities if they suspect malicious intent or become victims.