Black Friday is behind with all new online sales and cybercrime records (thanks to COVID-19). The Christmas time has come and new sales seasons are to come so there is no good time to forget about cybersecurity risks of every holiday season. Below are some recommendations from Trilight experts.
If you are a buyer, think twice before trusting e-mails and websites during your deals. While millions of buyers go to online shops for pleasant emotions hackers search for confidential personal and financial data.
A popular fraud scheme is based on phishing letters are messages faking well known online brands and online sellers. Take some simple proactive steps to avoid a catch like this:
1. Before trusting the email which you seem to have received from your favourite retail brands or online platforms, make sure you’ve read its contents attentively. Unusual grammatical or spelling mistakes make a first hint. A good example here are numerous phishing sites gone online during recent Amazon sales on Prime Day. Study sender’s email to find more proofs to your suspicions.
2. Do not succumb to temptation of downloading special holiday seasonal subscription or promo codes from suspicious letter. And, of course, never follow the links from such messages. Fraud phishing messages might contain malware or links to wrong URL-addresses which will download to your device zero day malwares or extortion software putting financial and private data at serious risk.
3. If you are not sure about specific messages, try to correlate link in email address with the target link address by pointing to it. If they lead to different addresses, you may inform your Internet access or security service provider of this email to put an end to spreading potential vulnerability among online buyers.
4. And last but not least. Be careful entering URL-addresses manually. One error and you get to erroneous domain with misprint (similar, yet fake URL-address is often a phishing site). To avoid such risks, think about password manager. They are not only a good line of defense from weak passwords, but they also will not be fooled by malicious URL-addresses often overlooked by human eye prone to errors.For sellers: keep your security systems active, duly protected and compatible with PCI DSS.
As we mentioned above not only buyers can become victims of cybercrimes. Below are the action points for sellers to increase their cybercrime resilience.
1. Start with the security training to introduce latest phishing attacks to your team, including data types hunted for by cybercriminals, as well as cunning fraud emails. Give your team a simple way to inform your cybersecurity personnel of such suspicious emails or similar activities.
2. If you plan to keep your physical shops running, make sure all operating systems used at your points of sale have latest security updates. Consider additional security measures such as effective defense against malwares, NGFW, server protection and encryption to protect critically important systems of your retail network. Network segmentation will also help create limited and isolated zones managed with more refined access control.
3. If your retail business uses cloud applications and you have an extended multisite network of branches, franchise and delivery partners then zero trust philosophy becomes critically important. Basic principle is to trust nothing and check everything. It will help establish reliable access to distributed retail network with higher privacy of card holders.
4. Go through mandatory audit to make sure your existing cybersecurity system meets PCI DSS recommendations.
If your retail business does not have sufficient internal experience with cybersecurity or your IT team is not big enough then it is a good reason to engage a cybersecurity partner which will establish continuous monitoring and protection of your retail network, online system etc. from suspicious activities.