Whether you shop in store on Black Friday or wait for Cyber Monday, all holiday shoppers need to be aware of the ways their information could be compromised.

Safe Holiday Shopping
The Nightmare Before Christmas

November 21, 2017 | Episode 6

Introduction

The holiday season can be exciting, full of anticipation and nostalgia. Seasons are changing, celebrations are being attended, and gifts are being given. But there is a dark side to these gifts: holiday shopping. Last year, 101.7 million people went shopping on Black Friday. This is a massive increase over the 74 million who braved the crowds the previous year, and is just one day of the biggest shopping weekend of the year, ending with Cyber Monday. The past few years, we have also seen an even larger number of people shopping online over Black Friday weekend.

This year, 27% of consumers do not plan to shop online due to concerns over their personal information being compromised. This is by far the biggest reason people choose not to shop online, considering only 29% of consumers don’t plan to shop online for any reason, including a potential compromise of personal information. Whether you are shopping in stores or online, there are some steps you can take to keep your information safe.

In The News

Dolphin Attack

Voice-controlled assistants, such as Amazon Echo, Google Home, and Siri, can be hijacked by high-frequency signals that are outside the human range of hearing but can be heard by dolphins. This can potentially be used to perform tasks without your permission, such as making purchases or recording conversations.

Related Article:

http://www.bbc.com/news/technology-41188557

Intel Management Engine

Positive Technologies has found a vulnerability in versions of the Intel Management Engine from about 2015 and newer. This can be used to put persistent malware on a computer that can’t be detected by antivirus software. The attack does require the use of a USB port and something like a Raspberry Pi, but it could eventually be put on a smaller device, like a Bash Bunny.

Related Articles:

https://thenextweb.com/security/2017/11/09/researchers-find-almost-every-computer-intel-skylake-cpu-can-owned-via-usb/

http://blog.ptsecurity.com/2017/10/how-to-obtaining-full-system-access-via.html

Black Friday & Cyber Monday Shopping

Online Shopping

Be aware of phishing campaigns. During the holidays, it is common to see fake shipping notifications in your email. If you receive a notification for an order you aren’t expecting, do not click on the links. If you aren’t sure whether it’s a legitimate email, you can type the address into the address bar yourself. Clicking on the link in a phishing email can take you to a malicious site that the attacker has set up to steal your information or install malicious software on your computer.

Public wifi may be convenient, but it is good practice to avoid doing any shopping over public wifi. Anyone else on that same wifi network may be able to sniff the traffic and collect the details you enter into websites.

When making purchases online, it is also safer to use trusted payment methods like PayPal, rather than your credit or debit card. This creates a level of separation between your bank or credit account and your payments, which helps keep your money safe, and is also much easier to cancel than a bank account or credit card. You will also have the option of using two-factor authentication, which makes it much more difficult for your funds to be used without your permission.

Keep a close eye on your credit card statements. This time of year can be chaotic, but keeping a close eye on your statements helps you identify any unauthorized activity faster, which can also make it easier to get charges reversed.

Physical Shopping

When you are shopping at physical stores, stay aware of your surroundings. Pay attention to whether someone is following you, and if you see any suspicious activity, report it to a store employee so they can make their security team aware.

Don’t carry a lot of cash on you while shopping. If someone sees a large amount of cash in your hand or wallet, it makes you a target. Remember that cash is not as easily traced as credit or debit cards.

When using cards, it is best to use a card with a chip. Most financial institutions offer chip cards now, so if you are still using a non-chip card, now is the time to replace the card. A small replacement fee is worth the added security a chip card provides.

Website Owners

If you are a website owner, you need to be sure that your customers are safe when shopping on your website. One basic step you can take is to use a WAF and CDN to protect your site, and help ensure your site can handle the traffic it will be receiving over the holiday season.

Your site must be PCI compliant as well. PCI provides the standards for security for any company handling credit card data. Not being compliant can increase the chances of a breach, which can lead to heavy fines.

Use a malware scanner on your website. Don’t just rely on your host to scan for malware; they often only scan at the server level. If your site is compromised, you want to find the malware as quickly as possible to keep your customers’ data safe.

Now is also the time to run your updates, and review your incident response plan. Updates can help prevent a breach, but if one still occurs, you want to be sure you are prepared, so you can recover as quickly as possible.

Final Tip

Hide and Seek

With all the large purchases people will be making this holiday season, security continues even after the purchase is made and the gifts are brought home. Thieves will often patrol neighborhoods looking for signs of expensive or exclusive purchases. When you purchase a computer, TV, game system, etc., be sure to break down and hide your boxes when disposing of them, so that what you purchased can’t be easily identified.

The music "Upbeat Forever" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License

Decoding Security is hosted by Jessica Ortega, with guest host Ram Gall, and produced by Topher Tebow for SiteLock.