One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy on customers and steal credit card data or any other data a customer submits to the system. More than 100,000 merchants all over the world use the Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.
The company that discovered the flaws, Sucuri Security, says in their blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”
Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chick-fil-A.
We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.
But this kind of hack occurs on trusted websites and shows no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.
So how do you minimize the risk of online shopping?
The holidays are here and many are opting to shop online for their holiday gifts, whether it’s to avoid the crowds or because time is running out. Online shopping is a convenient option: everything is almost guaranteed to be in stock, there are no lines, and your purchase gets delivered to your doorstep. But can this season’s holiday shopping come back to haunt you online?
Ad networks, whether via browser extensions or cookies, track your online browsing activities to target ads tailored to your interests. Some see this as a good thing, as you are only shown ads for products or services that would be useful for you, while others may think it’s creepy that the Internet knows about your guilty pleasures. The holidays are about giving and generosity, so your online browsing activities may differ from what they are the other eleven months of the year. You may be researching whether you should purchase a round or square shovel for Uncle Jack, who put gardening tools on his holiday wish list, or which game you should order for your daughter. Now, do you really want to have ads for gardening tools and games for kids following you around the Internet?
How to shop undercover
Whether you want to protect your privacy or simply want to avoid targeted ads that may result from holiday shopping for family and friends, Avast is here to help!
Avast Online Security comes with a Do Not Track feature. Do Not Track identifies tracking software and shows you a list of all tracking and analytics programs that are trying to track your online behavior. You then have the option to choose which tracking software you want to deny or allow to track your online behavior.
By denying tracking software, you eliminate your digital footprint and exclude targeted ads from following you while you browse. Most browsers do come with some form of Do Not Track, but they rely on HTTP Do Not Track headers. Avast on the other hand uses proprietary technology that cannot be overridden by servers.
Avast Browser Cleanup is another tool that will help ward off targeted ads. Browser Cleanup removes unwanted or poorly rated toolbars that could also be keeping an eye on your browsing sessions. Since Avast Browser Cleanup launched in February 2013, it has identified more than 40 million different toolbars, 95 percent of which have been rated as “bad” by Avast users.
Leave the tracking this holiday season to shipping companies and the post office, not online advertising! Avast wishes you and your loved ones safe and happy holidays (and shopping)!
Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.
Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.
The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan:
“Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.”
Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip-embedded cards, but all that takes time to implement.
It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014, increased by 264% over the weeks prior to that time, says security company Imperva. The reason?
Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?
The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and Cyber Monday quick campaign webpages (“bad design, unsafe coding, and usage of insecure third-party libraries”) and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.
How to protect yourself during Black Friday
- Stay home on Thursday – Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
- In God We Trust, All Others Use Cash – Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges if your financial data falls into the hands of cybercrooks.
- Change your passwords – Please don’t use the same password for online shopping sites that you use for your bank. When you do, it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
- Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.
In my previous article, I advised you on how to protect yourself against attempts to steal your money while shopping online. I promised to analyze another problem – how to find shops you can trust and recognize those you can’t.
There are many e-shops and online markets on the internet. Some have a perfect reputation, some do not. From time to time there is a headline in the papers about “another fraudulent website” followed by speculation of how much money was actually stolen. How do you screen the good shops from the bad ones? Let us start with a few tips:
You can generally trust
- Well-known and long established online shops
- Shops your friends recommend to you, based on their experience
- Shops with professional-looking websites and working customer support
Be careful when
- A shop offers goods too cheap – for example, a new iPhone for $20
- A website has limited functionality and errors
- A shop is hosted in some unusual country – check the domain name in the address bar
- You respond to offers sent via spam
- You start shopping after getting an alarm from avast! Antivirus or the web browser for that e-shop
Besides those tips, you can use a crowd-sourced reputation service where people visiting that shop can cast a vote about their experience. This can be very useful. Having a lot of positive feedback is a good sign you can trust the shop in question. Mixed or negative feedback signals potential trouble. When there is limited or even no feedback at all, it means the shop is brand new or not widely used. When you come across a shop like that, be very cautious – most fraudulent websites have a short lifespan.
There are two reputation services I can recommend. The first is our avast! Online Security browser plugin, which is a part of the avast! installation. The second, widely used and reliable, is Web Of Trust.
Speaking about reputation, I have one warning for you. The reputation some shops present about themselves can easily be a product of forgery. When you visit a fraudulent site, it will probably be filled with fake positive reviews to lure more victims. Trust the reputation and references from friends or independent sources.
How to pay
When using a smaller online shop, unlike the well-known big ones, it is generally a good idea to not give your credit card details directly, but to use some payment service such as PayPal. In this way you can pay for the goods or service without exposing your crucial information. Another option is a pay-on-delivery service. I would be personally very reluctant to trust my credit card to a shop I have seen for the first time in my life. If such a shop accepts only directly entered credit cards, I would rather go buy somewhere else.
There are many threats lying in wait for internet users. Stay protected with avast! Antivirus and please, be cautious about where you conduct online transactions. One last thing – please, share these tips; the topics discussed in these two articles are still new for many people, and you certainly don’t want to see your friends or family members falling victim to cybercrooks.
Enjoy the upcoming shopping season!
Seasonal shopping fever starts with Black Friday and Cyber Monday in a few weeks, but we’ve already seen terrific sales offered online by retailers getting an early start. Every year more people make their purchases online, with the intention of saving time and money and avoiding the crowds. There are, however, some people who love the shopping season for different reasons. These are people we all want to avoid – Cybercrooks. They study our shopping behavior with one thing in mind – to take advantage of us for their own profit. Here are a few tips to lower your risk of falling victim to cybercrooks.
Protect your credit card well
The most important rule is to protect your credit card. While shopping online, the only information you generally need to authenticate a payment is the numbers written on both sides of your card. Along with the PIN code, these are crucial for the security of your bank account. Be very careful who you entrust with them.
- Never let anyone write down your card number or take a photo of it
- Never send those credentials by email, SMS, or tell them over the phone
- Never give your card to a website you do not trust or which does not use a secured (encrypted) connection
- Process your credit card data only from a clean (without malware infection) computer
- Limit the maximum value payable over the internet at your bank
Some of the points mentioned above require in-depth explanation. Let’s take a closer look at them.
They say that you can never have too much good advice. So in addition to the excellent set of Safe Holiday Shopping Tips we provided last week, here are three more simple rules of the road for safe and worry-free online experience this holiday season.
1. You can do more online and through mobile; just don’t do it differently. Doing more of what you normally do isn’t as much a risk as doing different things than you normally do. Try not to change your actual behavior, even though you’re doing more shopping and browsing online and through mobile. The less you stray from your normal habits, the less likely you’ll encounter malicious sites, apps, or messages, and the less you’ll fall victim to fraud and other scams.
2. Scrutinize unusual messages. Be wary when receiving unsolicited or odd messages – even from people you know – and be especially wary if you do decide to act on them. Just like email viruses used to troll your address books, today’s malware will access your social networks. An odd message through your social network may well mean that your friend has been hacked. There will be plenty of scams and attacks that purport to be great last-minute deals, fake holiday cards that ask you to forward along to all your Facebook friends, confirmations or verifications for transactions you never made, and even fake warning messages about scams to avoid. All of these are just different attempts to get you to click on a link.
3. Don’t log in on a page you got to from an outside link. If a message takes you to a login page for a service that you use, look closely at the URL before entering your credentials. Better yet: just go to the site using your bookmarks or standard “www.xyz.com” address rather than signing in on the page you got to from a link.
Black Friday offers deep discounts and enticing deals, but holiday shoppers who venture out into the cold, dark night must have brave hearts, steely resolve, and pointed elbows. Far away from the crowds of frenzied shoppers, those of us who prefer to shop online, wearing our fluffy bathrobes and drinking hot chocolate, face our own set of dangers.
Here are some online shopping tips to help you remain safe and secure:
Choosing the Merchant
- Stick with what you know – Use websites that you know are legitimate. If you visit an unfamiliar one, check the avast! WebRep rating to make sure it’s trustworthy. A quick search for reviews, complaints, or scams related to the site will help you too.
- Make sure the site is secure – Look for the closed padlock icon on your browser’s address bar or a URL address that begins with shttp or https. This indicates that the purchase is encrypted or secured.
Turns out that the popular online shoe and clothing retailer was attacked by cybercriminals who gained access to parts of the internal network through one of the servers in Kentucky. On Sunday, Tony Hsieh, CEO of Amazon-owned Zappos, wrote on the company blog that 24+ million customers were affected, but critical credit card and other payment data was not affected or accessed. The hackers failed to get payment card numbers, because that data is encrypted, as required by the Payment Card Industry Data Security Standard.
The company sent an email to every one of their customers explaining the situation including what information was stolen: Customer name, email address, billing and shipping addresses, phone number, the last four digits of customers’ credit card number, and/or cryptographically scrambled passwords.
Zappos took swift action by expiring and resetting passwords, and they set up a password change webpage for customers to create new ones. “We also recommend that you change your password on any other web site where you use the same or a similar password,” the email sent to affected customers states.
As a result of stolen credentials, phishing attacks that try to steal sensitive information like social security numbers or lead you to a website that attempts to install a virus, are more likely. “As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail,” the blog statement says. “Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.”
avast! EasyPass is a fast, easy way to manage all your passwords. avast! EasyPass generates strong, unique passwords for every site you visit – with just one click. The best part is that you access your passwords using one Master Password, so you don’t have to remember lots of passwords.
Black Friday, the day after Thanksgiving and the busiest shopping day of the year, starts at midnight November 25th with mega-sales running throughout the weekend. Cyber Monday, the online retail equivalent to Black Friday, is the time when many consumers, who didn’t want to fight the crowds over Thanksgiving weekend or failed to find what they were looking for, shop online that Monday from home or work.
“For our US friends especially, this weekend is when retailers, offline and online, offer the best deals of the year,” said Jindrich Kubec, senior virus analyst at the AVAST Virus Lab. “It’s also when cybercriminals become hyperactive with scams and fraudulent offers.”