In my previous article, I advised you on how to protect yourself against attempts to steal your money while shopping online. I promised to analyze another problem - how to find shops you can trust and recognize those you can't.
Seasonal shopping fever starts with Black Friday and Cyber Monday in a few weeks, but we've already seen terrific sales offered online by retailers getting an early start. Every year more people make their purchases online, with the intention of saving time and money and avoiding the crowds. There are, however, some people who love the shopping season for different reasons. These are people we all want to avoid - cybercrooks. They study our shopping behavior with one thing in mind - to take advantage of us for their own profit. Here are a few tips to lower your risk of falling victim to cybercrooks.
Protect your credit card well
The most important rule is to protect your credit card. While shopping online, the only information you generally need to authenticate a payment is the numbers written on both sides of your card. Along with the PIN code, these are crucial for the security of your bank account. Be very careful who you entrust with them.
- Never let anyone write down your card number or take a photo of it
- Never send those credentials by email or SMS, or give them out over the phone
- Never give your card to a website you do not trust or which does not use a secured (encrypted) connection
- Process your credit card data only on a clean (malware-free) computer
- Limit the maximum value payable over the internet at your bank
Some of the points mentioned above require in-depth explanation. Let's take a closer look at them.
I am quite surprised at how inventive people can be when it comes to thinking up weak passwords. Obviously weak combinations like '1234' or 'qwerty', along with names and phone numbers, are quite common parts of passwords.
The story begins with me fighting a familiar piece of malware, Bicololo, which is spyware designed to steal the identities of users of Russian social networks. A routine task, you might say. This time the authors were less cautious with the settings on their rogue servers, so I managed to get hundreds of freshly stolen credentials. What to do with them? The first thing I tried was contacting the support team of the affected social network to get users warned and passwords reset. Unfortunately, my effort met with no success there; they did not even bother to answer my mail! So instead of getting to warn hundreds of innocent users on the Russian social network, I used this unique opportunity to analyze the habits users have regarding their passwords and share the results with our AVAST readers.
Once I cleaned up the data, I received about 850 unique combinations of username-password pairs. This is not enough variants for the results to be widely representative. The data was obtained from a rather specific group of (less experienced) users whose lack of knowledge allowed their computers to be infected. I expect the general reality to be a bit better than my results. Though my findings are not scientifically correct, they can give us some insight into the problem and show us examples we should avoid while choosing our passwords.
In October we wrote on our blog about a spreading Russian Trojan horse named Bicololo. Since that time, the malware has continued to evolve and spread even further. Nowadays avast! saves several thousand PCs every day from infection by it.