Cyber-security expert: Avoid attack by carefully inspecting emails
With online shopping expected to be at an alltime high this holiday season, one cyber-security expert warned shoppers to be careful opening emails because that is the most common way cyber-criminals hack into a computer system.
Rob Cheng, CEO of PC Matic, which produces anti-virus software, said cyber-criminals typically gain access to the hard drive through emails containing fake or disguised links, known as phishing, or lethal attachments.
Once the hacker gains access to a person or company’s computer hard drive, the victim’s computer shuts down and the hacker asks for a ransom that often can range between $1,000 and $10,000, Cheng said. The criminals typically demand payment by crypto-currency, most notably bitcoin, he said.
“People are paying ransoms and using companies to help them get bitcoin,” Cheng told MediaNews Group. “My recommendation is to prevent it from happening in the first place. You have to focus on prevention. It can get really ugly no matter who your are.”
Bitcoin is used because it is not traceable, he said.
The cyber-criminals may threaten to post “embarrassing information” online in an effort to coerce the victim into paying the ransom, he said.
“The good news is that if you pay the ransom, you usually get your access back,” he said, although the FBI discourages people or companies from paying ransoms to discourage hackers.
“The FBI is not going to help you get your files back,” he said. “They try to find out who did it.”
Online shopping was expected to replace a large amount of brickand-mortar store shopping on Black Friday, and the Monday after Thanksgiving has become known as Cyber Monday for the many deals offered online.
Cyber-security firm Avira said that 75 percent of Americans said they planned to shop online more this year than last year, primarily due to the COVID-19 pandemic.
Adobe Analytics said in a recent report, online consumer spending this holiday season is set to jump by 33% from 2019, according to PC Matic.
Cyber crime is correspondingly rising along with the jump in online shopping.
The FBI recently revealed that cyber-scams are up by 400-percent since the onset of the COVID-19 pandemic, PC Matic said.
Avira said its researchers saw more e-commerce phishing scams than ever before in the third quarter.
Cyber attackers commonly imitated wellknown retailers, couriers and banks in order to gain access to financial and other personal information, Avira said.
The company has already spotted numerous phishing scams imitating Amazon, Chase Bank, DHL and others.
“Malware authors are notorious for taking advantage of opportunities, and 2020 has provided a great one for them,” said Alexander Vukcevic, direct of the Avira Protection Labs, in a news release. “We’re already seeing a greater flood of fake online shopping ads that mimic Amazon, and eBay, as well as fake bank and delivery notices from campaigns looking like PayPal, Chase Bank and DHL. Cyber attackers are out for money and sometimes identities, so people need to be smarter this season.”
Cheng said the most important protection is for shoppers to slow down and carefully inspect an email or link or attachment in the email before clicking on it. If it looks suspicious or doesn’t match the retailer’s web site, don’t click on it, he said.
“Don’t be in a hurry, take your time,” he said.
He said criminals will provide links that resemble a large retailer but it won’t be the exact duplicate.
“Instead of clicking on links in emails or downloading attachments, access the listed website yourself via the browser to make sure that the offer or any payment requests are genuine,” Avira said.
The sender’s email address or web address can be checked by using the cursor to hover over it without clicking on the link, Avira noted.
Avira, which is based in Germany and has offices in the United States, also provided several other tips to guard against cyber attacks:
• Update your device and software. Outdated software often has security loopholes known to hackers. By simply updating to the latest OS version available for your device, software or browser, these flaws are immediately fixed.
• Bookmark the authentic sites you want to visit. If you start shopping for a new iPhone when an 80% discount pops up, it’s probably too good to be true. Instead of clicking on popups, visit the retail websites directly.
• If you choose to shop on a website you’re not familiar with, check whether the connection to the provider is secured. To do this, look for the padlock icon located to the left of the browser address bar. Additionally, you can check if the URL on the website starts with “https://”. The “s” indicates that the Web connection has been encrypted and protected with an SSL certificate. Do not click on one without the “s.”
• Create custom passwords for shopping pages. Once cyber attackers get a password that is used for multiple websites, they can easily access individual accounts. Create strong passwords that are unique for each account. The easiest way to store, remember and manage these passwords is with a password manager.
• Beware of instant messaging scams. Scammers hijack instant messaging accounts by phishing their owners or sending them keylogging malware. Instead of clicking the link, search for the deal directly. Also, consider blocking messages from people on social media who you don’t know.
• Think twice before following hashtags. Attackers tend to use fake accounts to tag users in posts with malicious links, share fraudulent messages or retweet. To make them more credible, they use popular hashtags such as #blackfriday or #discounts. When looking at hashtagged content, make sure you’re checking the source to ensure it’s a credible one.
• Download your bank app to monitor your credit card activity. Cyber-criminals know you’re likely making more credit card purchases this time of year, and they hope you don’t notice illicit withdrawals. Many credit-card providers or banks now offer push notifications that immediately send a short message to the mobile phone during a payment process so illicit purchases can be recognized.