Use secure channels for online transactions
Cybercriminals love the holiday season. It is the ideal opportunity to steal banking and personal details from unsuspecting victims doing their holiday shopping online.
“Any time you make a purchase online, you are required to provide credit card or bank account information.
“This is what cybercriminals are most eager to get their hands on,” said antivirus company Kaspersky Lab’s South-East Asia general manager Sylvia Ng.
She added that it is vital for consumers to only share personal information with websites that provide secure, encrypted connections.
Secure sites can be identified by their address which starts with HTTPS instead of just HTTP.
HTTP stands for HyperText Transfer Protocol while HTTPS stands for Hyper Text Transfer Protocol Secure.
“A web page URL that begins with HTTPS indicates that your data will be encrypted and transferred using a secure protocol.
“There will also be a padlock-shaped icon on the browser screen. When you click on it, you will be able to see the security details of the site,” she said.
This security protocol is known as Secure Socket Layer (SSL), a standard technology for keeping an Internet connection secure.
According to the feature “Web Security: Why You Should Always Use HTTPS” on digital media website Mashable, when using HTTPS, the user’s information remains confidential.
Only their browser and the server can decrypt the information, so the data cannot be modified without the user’s knowledge.
Websites that ask for personal details but do not use HTTPS are compromising privacy and security, especially to phishing and sniffing attacks.
Phishing does not usually target a specific victim and mainly uses e-mail or bogus websites designed to look legitimate, where unsuspecting users share their personal details.
However, recent reports tell of advanced phishing attacks known as “spearphishing”, in which specific individuals, businesses or organisations are targeted.
Hackers are now able to disguise scam e-mail so convincingly, it is nearly impossible to tell that it did not come from a trusted friend or colleague.
Sniffing, on the other hand, works by intercepting packets of data sent across a computer network.
If the packets are not encrypted, the data within can be viewed in full.
Unencrypted public WiFi connections leave users vulnerable because the traffic is visible to anyone with access to the signal.
“The same features that make free WiFi hotspots desirable to consumers make them desirable to hackers; no authentication is needed to establish a network connection.
“This gives the hacker the opportunity to get unfettered access to unsecured devices on the same network,” said Ng.
HTTPS eliminates sniffing attacks by concealing the traffic’s information and revealing it only to parties that know how to decrypt it.
The attackers can see the traffic, but it appears as random bytes.
“There are a few precautions to take when using public WiFi. You can set up a Virtual Private Network when using an unsecured connection.
“Even if a hacker positions himself in the middle of your connection, the data will be strongly encrypted,” said Ng.
Users are also encouraged to enable the “always use HTTPS” option on websites that they visit frequently and to always keep their WiFi connection off when not in use to protect themselves from cyberattacks.