Sadly, a festive perennial of recent years is the UK’s cybersecurity agency, the NCSC, warning consumers about cybercrime as they rush online to make their purchases.
With the release of this year’s Cyber Aware Campaign, Alex Hinchliffe, threat intelligence analyst at global cybersecurity leader, Palo Alto Networks, shared some practical advice for how to stay safe when doing your holiday shopping from your work and home devices:
- Protect against ransomware by separating work and personal devices.
“Ransomware continues to be a serious security threat. We see consumers working from home and shopping on their work devices get targeted by attackers. The goal for the attackers would be to compromise the consumer’s work device, get on the corporate network and infect the organisation with ransomware.
Consumers should remember to do their work stuff on their work device and their personal stuff on their personal device. It's far too easy for someone to use a password vault or other credential store to keep personal and corporate passwords. Information stealing passwords could steal both. This avoids giving attackers an opportunity to target a consumer’s employer.
The risks for organisations from ransomware attacks that shut down essential systems and steal data are huge. The size of both demands made by cyber criminals and pay-outs is rising sharply, and no organisation, large or small, is immune from an attack. Inadvertently letting a ransomware gang into your employer’s systems is the worst possible holiday gift.
- Examine festive email offers carefully to avoid phishing scams.
The most common way attackers get into your computer is via a phishing email.
Even more so than usual, during the holiday shopping season, consumers should be on the lookout for a variety of phishing scams, such as fake delivery notices, fake order confirmations and bogus charities.
Remember to think before you click. Don’t click on links from unknown sources. If a deal or offer seems too good to be true, it is.
- Double-check domain names to ensure you’re visiting the website you intend to visit.
Cybersquatting is where cybercriminals register website domain names that appear related to existing domains or brands, with the intent of profiting from consumers’ typing mistakes. The purpose of squatting domains is to confuse consumers into believing that legitimate brands own these similar sounding domain names.
With consumers doing so much of their festive shopping online, attackers will be active in setting up squatting domains that are like the stores where people love to shop. For example, we frequently find Amazon is one of the top abused domains.
Consumers should make sure they type domain names correctly and double-check that the domain owners are trusted before entering any site. Look for that lock symbol or the “https” in the browser.
- Keep an eye on credit card statements to catch formjacking attacks.
A top festive cyber scam threat is formjacking, where cybercriminals inject malicious software code into a webpage used by the consumer to purchase something or share personal information. This scam is designed to steal your credit card details and other personal information from payment forms that are captured on the “checkout” pages of shopping websites.
The challenge for consumers is that formjacking attacks can be difficult to detect. Your transaction will go through, but behind the scenes, attackers are stealing your credit card information – and it could potentially be sold on the dark web.
Consumers should make sure to double-check their credit card statements to ensure there’s no suspicious activity.
In general (not just related to formjacking), consumers should always use a credit card, or prepaid gift card, when making purchases online. This ensures a quick resolution if a cybercriminal gets the card information and makes, or tries to make, a purchase. With prepaid gift cards, in particular, it also limits the amount of money a cybercriminal has the potential to steal.”
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.
Anisha Pamnani, Consultant, Wallis PR