Remain vigilant when receiving ‘special offers’ via e-mail

Subscribing to shopping sites comes with the expectation of receiving deals and value offers that can help you save a bit of money on a regular basis, however security experts have warned consumers not to get complacent about the security of such e-mails.

“Businesses and consumers alike need to be vigilant about holiday e-mails, offers, mobile apps, and other online enticements,” said Satya Gupta, founder and chief technology officer at Virsec.

Hackers, he explained, can use social engineering attack techniques, such as e-mail phishing, to mimic holiday retail offers and trick people into clicking on a malware-infected link or providing sensitive information. In the case of ransomware, sometimes all it takes is one click on the wrong link to bring down an entire network or encrypt a personal computer.

“Organisations’ cybersecurity teams should focus beyond their end point security solutions and ensure they are utilising application-aware security tools to prevent software code in their enterprise from being hijacked,” he said. “Consumers can protect themselves by consistently backing up their computers, and regularly updating all software, operating systems, and anti-virus solutions.”

Paul Ducklin, principal research scientist at Sophos, says that it is no good taking special cybersecurity precautions just for the summer sale season. “After all, the cybercrooks use the same attack techniques all year round - they don't go back to less effective hacking tricks after the sales are over, so any precautions that you take for sale season, you should keep on doing all year round.”

Highlighting some ways in which consumers can protect themselves when online shopping, he advised them to write down the contact information of their financial providers. “Make a written copy of the emergency contact details for your bank, card issuer, or insurance company; this way you have an action plan even if you lose your payment card or your phone gets stolen.”

He also advised them to learn about account lock features offered by the bank or card issuer. These days, many banking apps have a "quick lock" option that allows you to freeze and unfreeze access to your account or payment card in seconds.

“Also, turn on 2FA wherever you can,” he added. “2FA, short for two-factor authentication, refers to those one-time login codes that use when logging in. The small extra hassle for you makes it harder for the crooks to mess with your account, even if they figure out your password. Lastly, if in doubt, don't give it out! Cybercrooks can beat any special offer that a legitimate store will give you, because the crooks have no intention of keeping their end of the deal. If it sounds too good to be true, it is too good to be true.”

Similarly, Emad Haffar, head of Technical Experts for the META region at Kaspersky, said that if you receive a link for a deal or offer via e-mail, before clicking on the link first go to the official website to confirm that the offer is legitimate. Only make purchases on official, trusted websites and pay close attention to web addresses if you are redirected to them from another website.

“Use a security solution with behavior-based anti-phishing technologies, which will notify you if you are trying to visit a confirmed or suspected phishing webpage,” he said. “Never use the same password and credentials for multiple websites because if one is compromised, all your accounts are immediately vulnerable. To create strong, hack-proof passwords without the struggle of remembering them, use a password manager.”

rohma@khaleejtimes.com