Ernst & Young has issued a warning to users that hackers will look to steal their credentials on Cyber Monday. It is asking them: “When did you last change your password?” It is not just passwords that need to be thought about. Shoppers need to monitor credit cards, protect their device and make sure they are using secure payment services. While the message is initially aimed at shoppers there is a serious business message here as well. Many shoppers will be using the same mobile device that they also use for work.
According to Chad Holmes, Principal and Cybersecurity Leader at Ernst & Young LLP: “Credential harvesting and electronic social engineering (phishing) are still the top techniques used during any electronic attack that is why it is very important to safe guard your information and reset your passwords during the holiday season. Cyber Monday is a perfect annual reminder for people to update their cyber security hygiene like passwords to ensure they provide a strong defence against attacks from cybercriminals.”
Seven things to improve security on Cyber Monday
As password breach after password breach has shown, people can be very lazy when it comes to passwords. The use of simple passwords continues despite all the education in the market. For businesses there are also concerns over shared credential. This is down to users reusing their passwords on multiple accounts. The result is that some shoppers are likely to using the same security credentials for shopping as they do for online banking and work.
To help people out EY has provided a seven point checklist”
- Always vary your passwords: Having the same password for social media accounts, bank accounts and online shopping sites is common practice, but a criminal cracking the code in just one of those places leaves a consumer’s entire identity at risk.
- Keep your passwords strong: Password or ABCD1234 won’t fool anyone. Worried about forgetting, multiple, complex passwords? Use a password manager/aggregator. Just remember to keep the master password strong.
- Don’t take shortcuts: Holiday ads appearing around the web, including on social media sites, normally have malicious activity hiding behind that link. It may seem convenient to click on an ad, but it’s safer to go directly to the site where you want to make a purchase.
- Be suspicious: Don’t remember spending $5 dollars at that coffee shop? Chances are, you did not. Hackers often spend small amounts on stolen accounts to see if the victim will notice. Report any unusual activity immediately and watch your account activity very close during the holidays.
- Make sure your device is sound: It’s important to have up-to-date anti-virus software on your computer and use private browsing features when shopping online. If you’re updating or buying software for the first time, always go directly to the provider site. Fake security software is a common hacker ploy.
- Never give out personal information: You don’t need to give your social security number to buy a pair of jeans. If a website ever asks for this type of information, steer clear.
- Make sure the retailer has done its part: If you don’t see a lock icon in the URL of the website you’re shopping on, you should not be shopping there. A lock in the URL indicates the website is encrypted.
Cyber Monday will be successful for retailers, shoppers and cyber criminals. All will get what they want prior to the holiday period. For shoppers and even some retailers there could be a nasty surprise under the tree come Christmas. Weak security will allow hackers to steal user credentials. This could be off of their device or because the retailer isn’t protecting its customers data properly. It is important for users to do what they can to protect themselves.