Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization, Trend Micro reveals. Popular underground goods and services The report reveals that determined efforts by law enforcement appear to be having an impact on the cybercrime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDoS attacks and log-in problems impacting their usefulness. Loss of trust led … More
Account Takeover (ATO) attacks happen when a bad actor gains access to a legitimate customer’s eCommerce store account and uses that account for fraud. The impact of ATO attacks A new Riskified survey shows that ATO attacks have a huge negative impact on customers and merchants, damaging brand reputation and hurting merchants’ bottom lines. Despite that, many merchants lack security measures, and 35% of merchants report that at least 10% of their accounts have been … More
The post What can merchants do to avoid falling victim to large-scale ATO attacks? appeared first on Help Net Security.
Online Scam Awareness: Staying Safer in Uncertain Times
As we adjust to a changed world, bad actors are also changing the tactics they use to take advantage of people. You may have already encountered schemes that leverage fear and anxiety to make you click, buy, or respond to malicious communications. Fortunately, a little awareness is all it takes to recognize the scams below and protect yourself and your family.
Our new normal means that many face-to-face transactions have moved to email. We are now relying on email for daily communications from schools, updates from our local businesses and so much more. Armed with this knowledge, online scammers are creating emails capitalizing on sensitive and relevant topics to lure you to hand over personal information.
A very topical scam today takes the form of a phony message from the government, or the IRS, asking you to submit personal information or file a tax form to receive a government stimulus check which can lead to identity theft. The government does not send email communications.
Another popular scam plays on a sensitive topic today, our health. Examples of this include emails masked as coming from a reputable health organization, such as the CDC, asking you to “click on a link to see health news in your area”. The link could download dangerous malware to your device.
Working From Home
While many of us are working from home now, we are seeing fraudsters take advantage of this through efforts like the “CEO Scam” where they spoof the email address of someone in your workplace with a position of power. Emails from this spoofed account typically include work-from-home policies or safety precautions and ask you to download an attached policy sheet, which may contain malware.
We are all relying on home deliveries more than ever now. Recent scams send a warning that your order or account is on “hold” until you verify some details, or that you need to click on an attachment to see the delivery time. Often they will spoof popular e-commerce sites, like FedEx or Amazon and deliver malware straight to your inbox.
Social media scams
Be wary of social media platforms. Scammers are using these outlets to advertise phony cures, medical equipment in bulk, and other schemes not unlike the ones used in the phishing emails above.
Fake E-Commerce sites
Hundreds of new e-commerce sites have been popping up offering everything from hard-to-find products, medical equipment, and more Some are legitimate middlemen hoping to turn a quick profit, but others are fake websites looking to collect your personal and financial information.
Protect yourself with these 5 tips
- Learn to spot suspicious emails: Check the email address by hovering over it with your mouse. Does the extension on the address match the company the email represents? Other red flags to look for are typos, grammatical errors and the use of generic greetings such as “Dear Sir”.
- If you get what appears to be a suspicious request from someone at work, a friend, or family member, verify the message with that person directly before opening or responding.
- If you are looking for health or financial information online, stick to reputable sources such as state and government websites and the CDC. Never respond to unsolicited emails or click on included links.
- When shopping or browsing online, go directly to reputable websites, instead of clicking on questionable ads, links or emails.
- Ensure that you continue to update your security solutions across all devices. This will help protect devices against malware, phishing attacks, and other threats, as well as help identify malicious websites when browsing.
The post Online Scam Awareness: Staying Safer in Uncertain Times appeared first on McAfee Blogs.
Be wary of online shopping scams – 7 ways to fight them
While some of us may be quite skilled at finding miscellaneous gadgets and great deals on apparel online, relying on e–commerce platforms for all of our basic household needs is a new challenge. Many of us preferred to shop at brick and mortar retail for certain purchases such as groceries or pharmaceuticals. Now that we’ve turned online for all our shopping needs, online suppliers have struggled to meet the surge in demand for certain goods, opening a new space for third-party sellers and malicious actors to step in. Since the beginning of the year, the Federal Trade Commission (FTC) has already received over 8,400 complaints regarding consumer scams, and the total reported consumer loss weighs in at $5.85 million. Here are some common scams to be on the lookout for.
Fake Shopping Websites
Cybercriminals are quick to take advantage of emerging trends or events. We’ve already seen numerous fake shopping websites claiming to sell hot ticket items like cleaning supplies that may be sold out elsewhere. In reality, these credit card-collecting scams may deliver counterfeit goods or nothing at all.
This same logic applies for investments as well. Scammers may be posing as budding companies attempting to raise capital to build medical equipment. Others may be advertising non-existent hedge funds with guarantees of high returns post-crisis. Regardless of the promised deliverable, be sure to conduct sufficient research prior to making major investment decisions.
As Time reports, some sites even promote “remedies ranging from colloidal silver to cow manure.” Luckily, the FTC and Food and Drug Administration (FDA) have started cracking down on companies that issue unsupported claims about miracle cures and vaccines.
At the time of writing, the FDA has not approved the sale or distribution of any home testing kits. While some of these offers have come from legitimate companies that may have relationships with testing labs, most of these have since received and abided to cease and desist notices. Always reference official entities for guidance on testing, such as the CDC (Centers for Disease Control and Prevention) site here.
This doesn’t mean we should halt our online purchasing. If anything, some logistics companies are encouraging us to continue supporting our favorite small retailers through online purchases to keep them afloat in the uncertainty that lies ahead. With many new instances and flavors of cyberattacks popping up overnight, we can help you stay diligent and secure as you adapt to this shift online.
Shop Safely Online
Remember to follow the tips below to ensure your safe online shopping efforts are not in vain:
- Exercise caution when receiving promotional emails or texts from unknown sources, especially those that make claims too good to be true.
- Stay away from unfamiliar ecommerce websites, even if they’re referred by people you know. Some red flags could be nonsensical URLs, misspellings and unprofessional webpage designs. You can also use a free safe browsing extension to help steer you away from illegitimate sites.
- Use a mobile security solution to help you stay secure on your mobile devices with automatic security scans.
- Use a VPN (virtual private network) like McAfee® Safe Connect when conducting sensitive transactions – the data encryption can help ensure your personal information stays protected from prying eyes listening in on your web traffic.
- Consider using an identity theft protection service to help protect, detect, and correct potential breaches in personal information.
- Protect your purchases by looking for sites that begin with “https” instead of “http” – a good way to remember this is “S for secure.”
- Use a comprehensive security suite to ensure your devices and online accounts are protected.