Keep the Stuffing for Your Thanksgiving Dinner: Staying Safe This Cyber Monday
Dr. Frederick Scholl, cybersecurity program director, Quinnipiac University
This upcoming "Cyber Monday", November 30th, is likely to break records for e-commerce shopping. At the same time, cyber criminals who have been planning their attacks for months will also be out in force. This article highlights some steps you can take to protect yourself and your family. High-risk events like Cyber Monday are a perfect time to take a break and improve your security defenses.
What are some of the threat trends we’ve seen over the past 9 months? Hackers are resorting more to “credential stuffing”, in which they use automated tools to guess user account information. Now that most retailers use “chip and PIN” scanners at checkout, criminals are using more sophisticated electronic skimmers on e-commerce sites. They’re also continuing to use tried and true methods like phishing, including many COVID-related scams. In the rest of this post, I will look at the best defensive techniques that you can easily implement.
So, what is credential stuffing? (Hint: you don’t put it in the turkey). This is an attack method in which criminals use previously exposed username/password combinations to try to hack into a different e-commerce site or social media site. They buy the usernames and passwords on the dark web to begin with. Possibly they or someone else originally hacked the site those credentials came from. How can you reduce the risk here?
First, check if any of your site credentials have already been hacked. Go to www.haveibeenpwned.com and search, using your email address. If any sites come up, immediately change the password for those sites. Next, make sure you use a password manager software tool, so you can use a different password for each site. Three popular password managers are LastPass, Dashlane and Keeper. All three have some type of free plan for personal use.
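For readers who operate a login page rather than shop on one, this is how the password-reuse pattern described above tends to look in authentication logs: one source trying many different accounts once or twice each, with most attempts failing. This is an added example, not part of the original article; the log format, field names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample log (assumed format: timestamp, source IP, username, result).
SAMPLE_LOG = """\
2020-11-30T09:00:01Z 203.0.113.7 alice@example.com FAIL
2020-11-30T09:00:01Z 203.0.113.7 bob@example.com FAIL
2020-11-30T09:00:02Z 203.0.113.7 carol@example.com FAIL
2020-11-30T09:00:02Z 203.0.113.7 dave@example.com FAIL
2020-11-30T09:00:03Z 203.0.113.7 erin@example.com OK
2020-11-30T09:00:03Z 203.0.113.7 frank@example.com FAIL
2020-11-30T09:05:10Z 198.51.100.20 grace@example.com FAIL
2020-11-30T09:05:25Z 198.51.100.20 grace@example.com FAIL
2020-11-30T09:05:41Z 198.51.100.20 grace@example.com OK
2020-11-30T09:07:00Z 192.0.2.44 heidi@example.com OK
"""


def stuffing_suspects(log_text, min_users=5, max_tries_per_user=2, min_fail_rate=0.8):
    """Flag source IPs that try many different accounts once or twice each and
    mostly fail: leaked username/password pairs replayed against this site."""
    attempts = defaultdict(lambda: defaultdict(list))  # ip -> username -> [ok flags]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, ip, user, result = fields
        attempts[ip][user.lower()].append(result == "OK")

    suspects = {}
    for ip, users in attempts.items():
        total = sum(len(flags) for flags in users.values())
        fails = sum(flags.count(False) for flags in users.values())
        most_tries = max(len(flags) for flags in users.values())
        if (len(users) >= min_users and most_tries <= max_tries_per_user
                and fails / total >= min_fail_rate):
            suspects[ip] = {
                "accounts_tried": len(users),
                "fail_rate": round(fails / total, 2),
                # A success inside the burst means that account reused a leaked password.
                "accounts_to_reset": sorted(u for u, f in users.items() if any(f)),
            }
    return suspects


if __name__ == "__main__":
    for ip, stats in stuffing_suspects(SAMPLE_LOG).items():
        print(ip, stats)
```

The single user who mistypes a password twice before logging in is not flagged, because the signal is the breadth of accounts tried from one source, not the number of failures on one account.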
Hackers have recently turned to skimming card information from legitimate e-commerce sites, a shift that came after chip-based credit cards stopped point-of-sale theft. Hacker gangs are using crimeware tools like Magecart to steal your card information and then use your card to make fraudulent purchases. Hackers install the crimeware on legitimate sites. Money mules send the goods out of the country. Criminals are preying on new e-commerce sites popping up because of the pandemic. You should limit shopping to the trusted vendors you have been using. You also need to regularly review your bank and credit card statements to spot fraud.
Basic computer hygiene continues to be important, especially since more people are working and relaxing at home. It’s unlikely hackers will be attacking your home computer, but work information may be more attractive to them. Basic security steps include:
- Make sure your family members use their own computers for game playing, not a computer you use for banking or work. Sharing a computer just provides another entryway for hackers, from the gaming application to your banking application.
- For those few traveling during the holiday, make sure to use a VPN (Virtual Private Network) service on your mobile device. A VPN will help defeat “man in the middle” attacks from cyber criminals that may be lurking in coffee shops, train stations or airports.
- For all your banking and finance sites you should be sure to implement “multi-factor authentication”. This goes beyond simple passwords and requires you to have a physical device, like your phone, to log in.
The most important thing to remember is that none of these actions will guarantee that you are safe. You still need to be alert and look for any indication of changes to your computer or information. Hackers are constantly coming up with new attack methods, especially during the holiday seasons from now to the end of the year.