Appurity: Make it a silent night for cyber thieves this Christmas

The holiday shopping season is well and truly upon us. Starting with Black Friday we enter into a crucial revenue period for retailers as the countdown to Christmas  begins in earnest. In the UK, 2020 was a strange year for Christmas  which was all but effectively cancelled due to COVID. With many non-essential retail forced to close their doors, there were record levels of shopping at online retail sites. And whilst Christmas 2021 is still looking good for the High Street, it is likely that online purchasing will break new records in line with many people’s preference to shop online instead of braving the shops. But it’s not just massive volumes of human traffic that online retailers need to cope with. The bigger question is, how many cyber attackers will try to hide amongst all of this well-meaning traffic? We don’t want to sound like old Ebeneezer Scrooge, but the threat to unprotected devices and shoppers visiting dodgy websites from their smart devices can spell disaster and ruin the holidays for those affected.

Malware – malicious software, more commonly known as malware, refers to software designed to harm a computer system (desktop, tablet, mobile phone) by stealing, deleting, or encrypting data, assuming control over functionality, or even tracking user activity. Malware is most commonly encountered via email. So, whilst you are in the holiday shopping mood you might well open an email that comes with a malicious attachment. But that special Black Friday announcement or early Boxing Day deal might not amount to much more than an image or a harmful macro. If you then go on and enable this content, you might end up unwittingly installing malware onto your device. And once ‘installed’ these programs can cause you massive headaches by stealing your banking credentials for example – or they could also log all of your keystrokes to enable access to all kinds of things on your device.

And malware attackers seem to be upping their game. Recently discovered malware threats are seemingly able to run automated tests to ‘try their luck’ on ecommerce websites using lists of well-known vulnerabilities. If the attackers are able to match one then they can install a backdoor which eventually allows them to serve fake payment forms to unsuspecting customers whose PII and payment details are then stolen.

Phishing – It is human nature to trust our mobile devices. For most of us they are an integral part of our lives – both at home and at work. However, unlike our desktop computer at work, there are myriad ways for cyber thieves to deliver phishing links to us via iOS and Android apps. If they choose to do so, criminals can send phishing links in almost any app on our smart device. It could be via Facebook or Instagram, WhatsApp, or even an online game. Another factor that favours the success of phishing attacks on mobile devices over desktops is down to the design of mobile interfaces. Some details can be hidden when a phishing attack presents itself via a mobile device and mobile URLs are truncated – most users wouldn’t know how to hover over links to reveal the URL in its entirety.

In the holiday shopping rush to grab themselves a bargain, many online shoppers can be caught out by a phishing scam. The links in these attacks usually take the shopper to fake login pages, with the victim unknowingly authenticating themselves on a dodgy web account. Blissfully unaware, they are actually handing over personally identifiable information (PII) such as usernames, passwords or credit card details over to scammers. All of this points to a greater imperative to have phishing protection on mobile devices.

Cyber Essentials Plus – We believe it important to provide a build in accordance with Cyber Essentials Plus, with the associated solutions provided by Mobile Threat Defence (MTD) and Cloud security (CASB). Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. It can help your business to guard against the most common cyber threats and demonstrate your commitment to cyber security. Why is this important? It can reassure your customers that you are working to secure your IT against cyber-attack. It is a good marketing message – you can attract new business with the promise you have cyber security measures in place.

There are solutions available to consumers that serve to give peace of mind when shopping / browsing online, especially during these busy weeks leading up to Christmas. We highly recommend Lookout. It can help to protect your devices with predictive security that finds and stops threats before they do harm, it offers safe browsing to defend against websites that might infect your phone or steal your personal information and alerts you when a Wi-Fi network you join is dangerous or under attack.

The holidays are indeed coming. If you will be joining the many millions who will be buying gifts online, be extra cautious in the face of increased scrutiny by cybercriminals who are very much looking forward to cash-in at your expense. With a little bit of research you can find much needed protection and peace of mind to keep you going well beyond the festivities.