Perhaps due to the long winter and delayed arrival of spring, Canadians are embracing eCommerce in growing numbers. According to comScore, Canadians spent over $22-billion online last year and are viewing more web pages per month than the rest of the world.
However, 19% of Canadians cite security risks as a compelling reason not to shop online, with identity theft leading their concerns. Their worry isn't off base -- like all bad guys, cybercriminals go where the money is. In fact, 1.5 million people are victims of cybercrime everyday -- that's 18 incidents per second!
The Internet is full of hidden dangers. According to Symantec's latest Internet Security Threat Report (ISTR 18), last year web-based attacks increased by 30% and many of these attacks originated from the compromised websites of small businesses.
Some websites -- even legitimate ones from reputable businesses -- can be tampered with if left vulnerable. A compromised website can steal information when unwitting customers proceed through the checkout and payment process.
Here are two examples of how cyber criminals wreak havoc.
Malvertising is on the rise and involves the tampering with of ads served on web pages. Attackers buy advertising space on legitimate sites and then create malicious ads that hide attack code. When users click on the ad, they download malware to their computers. The web site owners are completely unaware that their site has been compromised.
"Watering hole" style attacks are also on the rise, most famously with recent attacks by the Elderwood Gang. Criminal syndicates are infecting vulnerable, highly lucrative, and legitimate sites that are not normally blacklisted. The attackers will infect the site with malicious code and then lay in wait for their victims to visit. Once the victims are infected, the attackers now have access to a large user base from which to steal banking credentials and other financial information. The end game is fraud and identity theft.
Cyber criminals will often leverage the weak security or vulnerabilities of small businesses to access the larger customers and partners within their network. Symantec's ISTR found that by focusing on the weak link in the supply chain, one watering hole-style attack managed to infect 500 organizations in a single day!
PROTECT YOURSELF, YOUR COMPANY, AND YOUR CUSTOMERS
While we can't protect the contents of your wallet from your own online spending, we can help protect it from getting into the hands of thieves. Here are some tips to ensure you have a pleasant and safe online shopping experience.
1. Look for an HTTPS and/or padlock in your browser address bar before submitting personal information on a website. The "s" stands for secure and it can't be faked by criminals. Also look for a trust mark. It proves that the website is legitimate and not a spoofed website.
2. Keep your Internet browser up to date. Because browser security holes are a common pathway for spyware and adware downloads, it's important to apply any and all security patches when they become available for your browser.
3. Avoid banking or conducting any financial transactions on public Wi-Fi connections (both free and paid). To make it easier for users, many public Wi-Fi hosts disable much of the security built into their wireless devices, leaving your data to pass unprotected through the air where it can be intercepted by crooks.
4. Engage your gut. If an offer in an online ad or email sounds too good to be true, it probably is. You may be tempted to click but you'd be wise to stay away.
5. Be password savvy. "Cooldude" is not an acceptable password. Use strong and different passwords for your identity authentication. Do not use the same password for your email, social networking and online banking accounts.
Practice strong password controls:
• Change your password every six months
• Use passwords with at least eight characters
• Use a random mixture of characters -- upper and lower case letters, numbers, punctuation marks, and symbols
• Don't use words found in the dictionary
• Never use the same password twice
Businesses and consumers need to take responsibility for their website security. Both can be victims of malware, phishing and malvertising threats. For the online business, advanced security, and policies must be implemented to protect the company's brand, reputation, and "online trust" with their customers. Here are additional tips from Symantec for businesses to follow to ensure their customers and websites are protected.