The holiday shopping season starting with Cyber Monday is said to be the most popular season for cyber-attacks as more people go online hunting for the best deals. Malware attacks are also more on Cyber Monday than on the other days. The bestselling item or gadgets are usually the easiest targets for the attackers who choose spams, social media posts or fake sites to advertise deals.
"The attackers know that there are more people online, so there will be more attacks. Cyber Monday is not a one-day thing, it's the beginning of a sustained focus on attacks that go after people in the holiday shopping season," Christopher Budd, global threat communications manager with Trend Micro, told the Guardian.
"If you're reading about it in the mainstream press as far as what's really hot this year, the hackers are too. Whatever the latest hot gadget is, that's almost always going to be used as a spam or phishing or social media scam lure, and that's something that has longevity through the shopping season," Budd said.
According to Enigma Software Group, an international systems integrator and developer of PC security software, the malware attacks increased 40% on Cyber Monday in both 2014 and 2013 compared to attacks on other days of the prior months.
"Instead of going to Amazon. com, someone might go to Google and search great deals on an Xbox One. There are bad guys who are particularly sophisticated and can make it so that pretty high up in the Google search results there might be a page that promises a ridiculously low price for an Xbox, and someone might click on that and in turn get an infection when they do," said Ryan Gerding, a spokesperson for Enigma Software.
"The bulk of infections during the rest of the year that our customers get, quite honestly, comes because of them visiting adult websites and clicking on areas they probably shouldn't. This time of year it seems as though a greater percentage are just folks that are trying to do some shopping."
Besides, social media hack is one of the preferred modes of attackers to send links for discounts on products via messages, tweets and even wall posts. In such cases, the attackers are more successful as users usually trust the recommendations coming from friends.
"You can send out hundreds of thousands of emails, or you can get one person on social media [to click on a malicious link], and they end up infecting all of their friends. It goes on all their friends' walls, and a small percentage of those people will click on it, and it cascades through very quickly," said Kevin Haley, a security expert for Norton.
But there are ways of fending off such attacks. Following are guidelines by the cybersecurity experts to ensure security while shopping online.
- Enable the two-step verification mode.
- Do not click on any social media posts that you find suspicious
- Do not click on suspicious links in mails and social media.
- Make purchase from the sites that are SSL certified.
- Prevent downloading third party apps outside Apple App Store, Amazon App Store or Google Play Store.
- Try not using the same password for more than one website.
- Consider using anti-spyware and anti-malware software.
- Always confirm the order history and other shipping details directly through the online retailer's site, rather than via email links.
- Verify before you bump into any sites offering the lowest price for the deals.