Cyber Monday & Black Friday’s Hacks & Scams

BLACK FRIDAY & CYBER MONDAY HACKS & SCAMS security advice for web merchants and advice for consumers November 2011, the google search term GO WITH SITES YOU KNOW >CYBER MONDAY DEALS or if you're not familiar, ask someone you can trust or do some more research before you decide. 400% increase $ 199 awesomeprice.com $ 230 bestdeal4you.info $ 560 amazon.com* $ 321 price4all.tw saw a iPad 2 in the number of search requests on sale now Hackers know this and prey on popular keyword searches like "jewelry" and "toys". They create fake sites where they can steal your personal information and credit card numbers. *shown for illustration purposes only, amazon.com is not selling the iPad 2 at this price. Source: http://www.google.com/trends Security experts discovered "poluted" results appearing in search engine results for holiday shopping-related terms in advance of 2010 Black Friday sales, the company said. SHOPPERS TRYING TO SAVE SOME MONEY BY SEARCHING FOR $$3 LEAKED BLACK FRIDAY ADS These links take users to a malicious site that tricks ARE A PERFECT FOR SCAMMERS! users into downloading malware. -SonicWall UTM Research Compromised serch terms included: Embedded JavaScript "Walmart Black Friday Sales 2010" "Black Friday" and "Cyber Monday" Firefox Legitimate looking checks MALICIOUS Link BROWSER Fake Flash Player UPDATE "Best Buy Black Friday 2010 Deals" Sonic Wall identified was used to push a fake antivirus a two-pronged attack, varying by the user's browser type. software called Internet Explorer "Internet Security Suite" Fake Virus / Malware INSTALLED NOTIFICATION MALWARE Varying the malware attack based on the browser the user is using, is a common tactic. SPYWARE The attacker is “maximizing the number of potential victims" by "customizing" the behavior to browser-specific vulnerabilities 80% of Annual Online Sales 80% THE SCAMMERS ARE COMING! occur in the 4 weeks between Black Friday and the weekend before Christmas. SPAM EMAILS These 4 weeks are also the biggest weeks for SCAMMERS & SPAMMERS are going to be coming in greater volume and more frequently. Spammers are getting more sophisticated in their approach and bypassing spam filters. as well! FREEBIES may be FREEBIES in the sense that you get FREE MALWARE SECURITY FOR WEB MERCHANTS Jamz Yaneza ( Trend Micro ) UPDATE YOUR SYSTEM SOFTWARE HOTTEST TOY THIS SEASON If it's a LAMP server, upgrade your Linux kernel, make sure Apache and PHP are up to date, install an updated mod_security rule set, etc. advertised in a spam e-mail blast for much less than the typical price. Victims end up entering credit card information on malicious sites designed to look like well-known, trusted ones. They might also unknowingly download a keylogger. REMOVE ANY OLD SOFTWARE If you installed a forum to test out, or tried a different shopping cart and then forgot about it, make sure you remove those now. UPGRADE ANY FRONT END SOFTWARE ADVICE FOR For example your shopping cart software, blog or forum if you have one, etc. CONSUMERS USE A PCI COMPLIANT CHECKOUT SYSTEM UPDATE YOUR SOFTWARE If your site accepts payments online, consider outsourcing your checkout process to a PCI compliant provider like Google Checkout or PayPal. Security experts recommed making sure your operating system, web browsers and security software are up to date and secure browsing is enabled. SCAN YOUR WEB APPLICATIONS BROWSE ENCRYPTED IF POSSIBLE There are numerous free and paid web app scanners that report potential security vulnerabilities. CyberDefender suggests using encrypted search, such as Google SSL (https://www.google.com), instead of classic Google (http://www.google.com). "Look for the padlock icon or a URL that starts with https://", Lavasoft said. "That means your session is encrypted. If your not familiar with how to do the above, contact your hosting provider for assistance. After you think everything is ready to go, SCAN AGAIN USE CAUTION WITH PUBLIC WI-FI DON'T eagerly use public wi-fi. Be aware that anything you do on public wi-fi networks can be seen by others. Another thing you can do as a merchant is help educate your customers on good security practices. FIREWALL & STRONG PASSWORDS Security experts note having a firewall and complex passwords can provide an extra level of protection against cybercrime. This is something that can't be said enough. - Remaind your customers that you do not send e-mails with attachments - You will never ask them for any personal or billing info via an e-mail - Let your customers know you always send your promotional e-mail from the same e-mail adress (example: [email protected]). UP TO DATE VIRUS SCANNER With the increase in malware, its also important to have an up to date virus scanner. Sources: http://www.cbsnews.com/stories/2010/11/29/earlyshow/living/parenting/main7098700.shtml http://www.eweek.com/c/a/Security/Hackers-Target-Black-Friday-Cyber-Monday-Search-Terms-347977/ http://pcicompliantnews.com/2010/11/cyber-monday-is-1-week-away-the-xmas-for-hackers/ http://www.pcworld.com/article/139807/hackers_poised_for_black_friday_assault.html http://www.foxnews.com/scitech/2009/11/30/shopping-cyber-monday-beware-scams-xmas/ http://pcicompliantnews.com/2010/11/cyber-monday-is-1-week-away-the-xmas-for-hackers/ http://www.allstate.com/safety-and-prevention-tips/take-precautions-during-cyber-Monday-online-shopping.aspx http://www.eweek.com/c/a/Security/Hackers-Target-Black-Friday-Cyber-Monday-Search-Terms-347977/ http://pcicompliantnews.com/2010/11/cyber-monday-is-1-week-away-the-xmas-for-hackers/ DON'T JUMP AT THAT DEAL When you get an amazing offer via e-mail think twice before clicking. If a deal seems too good to be true - it probably is (example: you can't buy the iPad2 for $99 and get the second one for FREE). Brought to you by oupon Audit