
Planning To Shop Online This Holiday Season? Here Are The Cybercrimes You Need To Be Aware Of

Black Friday and Christmas are considered a blessing and a curse within the retail industry. It’s a time when retailers can expect to see a huge boom in sales as everyone makes a mad dash to take advantage of discounted prices and make sure they don’t miss anyone off their gifting list. So, of course, it’s all hands on deck for those working in the industry. However, the increase can come at a price, as consumers of brand-name companies become a prime target for cybercriminals globally.

Just last week the FBI put out a Public Service Announcement (PSA) reminding the public to be aware of the risks regarding Brand Phishing. The warning goes on to note “cybercriminals are very likely developing and selling scamming tools to trick consumers of brand-name companies into revealing personal account information to compromise accounts and bypass online security protocols, most notably two-factor authentication (2FA).”

Businesses around the world could find themselves or their customers a victim of identity theft or have their payment details stolen, which is not something you want to happen at the best of times, let alone just before the holiday season. A report from the National Cyber Security Centre (NCSC) warned over 4,000 small businesses about payment portals that have been compromised within their websites. Most of these compromises were noted to be caused by vulnerabilities in the Magento open-source e-commerce platform, exploited in what is known as the Magecart attack. The vulnerability could put a business in danger when consumers use first-party payment options within some e-commerce platforms.

But, What Is The Magecart Attack?

A Magecart attack is where a malicious actor injects malicious code (typically JavaScript) into the payment page or checkout of a website and then skims (steals) the data submitted. Targets can either be the retailer or an entity within the supply chain that supplies code to the retailer. Regardless, if customer data is stolen, both the customer and the business's reputation will be harmed.

Why Should You Care?

Since over 4,000 SMEs have been identified as vulnerable and compromised, there is a chance that your payment details or Personally Identifiable Information (PII) could have been stolen, making the holiday period far more stressful than it already can be. If you are an SME business owner, you could run into issues with upholding your reputation in the unfortunate circumstance where customer data has been stolen.

So, How Do You Protect Yourself?

As a customer there are multiple avenues you can try to mitigate risk and remain vigilant:

If it sounds too good to be true, it probably is: Despite the tempting Black Friday, Cyber Monday and Christmas deals that you’re bound to see everywhere, always abide by the good old saying that “if a deal sounds too good to be true, then it probably is.” Trust your gut. If there’s a chance the offer isn’t legitimate then do your due diligence and make sure you are extra aware of the possibility that all is not as it seems.

Utilise third-party payment processing: Another step to try to mitigate any issues as a consumer, especially if you’re shopping with SME businesses, is to ensure a third-party payment processing vendor is used. PayPal and Amazon-Pay are just a couple of examples of these third-party payment options which are less likely to be targeted in an attack like Magecart due to their strong focus on ensuring safer transactions.

Be aware of the URL: Take extra care to be vigilant about the websites you’re visiting and purchasing from. One way you can do this is by ensuring the URL is what you expect it to be. For example, if you’re shopping on Amazon UK you would expect the URL at the top of the browser to say https://www.amazon.co.uk and not something like http://www.aamaz0n.gg. One major thing to pick out in the example is the ‘s’ in ‘HTTPS’, which is an indication that the connection to the page is encrypted, making it much harder for cybercriminals to acquire your data when you’re on a vendor’s website.

If you’re the one managing the e-commerce platform then there are a couple of things you can do, too. Ensure that the payment system in place is as up to date as it can be, and make sure regular patch management is carried out so that known vulnerabilities are patched. From our experience, plugins and frameworks are both widely forgotten about when it comes to patch management, meaning they are regularly exploitable.
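For site operators, one way to notice the kind of injected or supply-chain script described in the Magecart section above is to audit which scripts the checkout page actually loads. The following is an added example, not code from the original article; the site origin, the allowlisted hosts and the sample HTML are constructed assumptions.

```javascript
// Added example: audit the <script> tags a checkout page loads.
// SITE_ORIGIN, ALLOWED_HOSTS and SAMPLE_CHECKOUT are constructed assumptions.
const SITE_ORIGIN = "https://shop.example";
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);

const SAMPLE_CHECKOUT = `
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://js.payments.example/v3/widgets.js"></script>
<script src="https://cdn.analytics-stats.example/t.js"></script>
<script>window.cartId = "c-1029";</script>`;

// Return [{ attrs, inline }] for every script element in the HTML.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const attrRe = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of tag[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    scripts.push({ attrs, inline: tag[2].trim() });
  }
  return scripts;
}

// Flag scripts that are inline, off-allowlist, non-HTTPS, or third-party without SRI.
function auditCheckout(html) {
  const findings = [];
  for (const { attrs, inline } of extractScripts(html)) {
    if (!("src" in attrs)) {
      if (inline) findings.push({ issue: "inline-script", detail: inline.slice(0, 40) });
      continue;
    }
    let url;
    try { url = new URL(attrs.src, SITE_ORIGIN); }
    catch { findings.push({ issue: "unparseable-src", detail: attrs.src }); continue; }
    if (url.protocol !== "https:") findings.push({ issue: "not-https", detail: url.href });
    if (!ALLOWED_HOSTS.has(url.hostname)) {
      findings.push({ issue: "unexpected-host", detail: url.hostname });
    } else if (url.origin !== SITE_ORIGIN && !attrs.integrity) {
      findings.push({ issue: "third-party-without-sri", detail: url.href });
    }
  }
  return findings;
}

console.log(auditCheckout(SAMPLE_CHECKOUT));
```

Run against a saved copy of the live checkout page on a schedule, a new finding that was not there yesterday is the signal worth investigating.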

To sum it up, the festive season is rife with cybercriminals targeting and exploiting consumers. There will be many incredibly enticing deals out there that make it easy to forget malicious entities exist, so take extra care to remain vigilant when buying online so you can mitigate the chance of being subjected to attacks like Magecart. And, if you’re on the business side, ensure that the necessary protections we’ve listed above are followed and do your part to make your customers feel safe shopping with you.

©2022 Cyber Security Associates. All Rights Reserved.