Cyberthieves Target Online Holiday Shoppers

12/2/2014
Tripwire, Inc., a global provider of advanced threat, security and compliance solutions, announced the results of a consumer survey conducted by One Poll and Dimensional Research on holiday shopping security practices. The survey evaluated online cybersecurity awareness of 2,011 consumers from the U.S. and U.K., and revealed that more than 40 percent believe emails from "trusted brands” are safe to click, and nearly a quarter of respondents (24 percent) anticipate doing at least part of their holiday shopping while at work.

"Employees need to be aware that anytime their computer is on their corporate network, even if they logged in through a VPN, they can put their organization at risk by simply visiting the wrong website or clicking the wrong link in an email.”

"Cybercriminals are very resourceful, and they know that the siren song of a good deal is almost always irresistible to bargain hunters," said Dwayne Melancon, CTO at Tripwire. "The number one reason to click is trust in a brand, which isn't good – I have seen some very convincing phishing emails and bogus websites that look nearly identical to the real thing. Shoppers need to look beyond the facade of convincing branding to make sure they aren't being conned into clicking on a bogus link.”

Survey findings include:
  • Over a quarter of respondents (26 percent) believe links contained in subscription emails and newsletters are ‘safe.'
  • 23 percent believe links sent from trusted associates are safe to click.
  • Only 28 percent of consumers believe it is never safe to click on email shopping links.
  • 24 percent plan to do at least some of their holiday shopping at work.
According to a recent survey from the National Retail Federation (NRF), 56 percent of holiday shoppers will do some of their shopping on the Internet this year, and many will be using apps, newsletters and email notifications to find the best deals. Unfortunately, cybercriminal activity spikes during the holiday season, and the initial stages of a cyberattack often use malicious links in emails, texts, newsletters and online apps. These malicious links point users to fake websites, which according to a Google study, can be so effective that they work an astonishing 45 percent of the time.

Despite multiple warnings from the FBI, Better Business Bureau and NRF, many consumers place too much trust in shopping links.

"Employees need to be award that anytime their computer is on their corporate network, even if they logged in through a VPN, they can put their organization at risk by simply visiting the wrong website or clicking the wrong link in an email,” said Ken Westin, security analyst for Tripwire. "Savvy attackers know that malicious links are effective, that's one reason phishing attacks are so pervasive around the holidays. Employees should be particularly careful when checking personal email at work, or when clicking links in ads on social media sites.”
X
This ad will auto-close in 10 seconds