Cisco Talos presents its tips for staying safe during the rest of the holiday season and beyond, based on its experience recognizing and analyzing the full cyberthreat landscape. The closing days of the holiday season are often the most risky, as shoppers face limited supply and shipment delays. Many shoppers are willing to compromise and contact with untrustworthy sources in order to buy gifts on time.
Common Tactics by Cybercriminals and Recommendations from Cisco Talos
1. Emails, URLs and Pop-ups
Before clicking on links in unwanted emails, Internet users should check whether they have previously subscribed to any marketing emails from retailers. Many fraudsters send emails that appear to come from well-known local and worldwide retailers. Users should be aware of changing phrasing, hover over the sender to get the complete email address, and type the website name into a browser rather than clicking a link.
Ad blockers should be installed on any Internet browser on all devices as a normal practice. These will aid in the deterrence of virus advertising operations that seek to profit from bargain-hunting shoppers.
2. Promotions, Giveaways and Acting on Impulse
Phishing schemes sent via email usually market a brand name and product with unheard-of low costs. They offer counterfeit items in certain circumstances, while the consequences in others might be far more catastrophic.
During the holiday season, cybercriminals prey on customers searching for a good deal by marketing ‘one-day only’ and ‘last minute’ sales. Fraudsters employ this tactic to entice users to behave rashly in order to avoid missing out on a lucrative chance. This strategy is increasingly being used in social media advertisements.
Users may also receive emails and direct messages about freebies and contests that they never entered but have already won. Internet users must always assess the possibility of a situation and whether they are at risk of being led astray.
3. Popular Applications
Some malicious apps will attempt to pass themselves off as a legitimate version of the software the user is looking for. Poor spelling and language in app descriptions and interfaces, a lack of high-quality performance, and a developer contact who utilizes a free email account (such as @gmail.com) are all signs of these apps.
Apps should only be downloaded from reputable and legitimate app shops such as the Google Play Store and the Apple App Store. Apps that ask for suspicious rights, such as access to text messages, contacts, stored passwords, and administration features, should be avoided.
4. Additional Layers of Protections
Users should strive to use payment services like Google Pay, Samsung Pay, and Apple Pay whenever possible. Tokenization is used instead of the “Primary Account Number” (credit card number) in these services, making transactions more secure.
Users must also use difficult passwords that are unique to each site, despite the fact that this may seem apparent. The usage of the same passwords across various platforms is common, increasing the risk of cyberattacks. Passwords are frequently reused by attackers to gain access to many accounts with the same username.
Multi-factor authentication systems, such as Cisco Duo, can also help consumers enter into their email accounts securely and avoid illegal access.