Application security

‘Tis the season for holiday shopping scams

With Black Friday here and shoppers using every online method available to find the best deals, Cisco Talos Security Intelligence and Research Group warned shoppers that cybercriminals will also be out in force this holiday season.

The researchers warned that malvertising and email spam are expected to be among the favored attack vectors this year with a special focus being placed on mobile shoppers. Android users are particularly vulnerable because most users run older versions of the operating system that lack the security updates necessary to combat modern threats.

“This is worrisome for the simple reason that most mobile devices do not posses the ability to block many of these threats, leading to increased vulnerabilities as attackers seek profit gain during the busiest time for online commerce, according to the Talos blog.

If this weren't reason enough for cyber thieves to focus on mobile devices, Adobe is reporting that for the first time the majority, 51 percent, of online shopping will be done on a mobile device. Total online spending for 2015 is expected to be $83 billion, an 11 percent increase from 2014.

 

One defensive solution suggested is for mobile shoppers to install ad-blocking software to protect against malvertising threats. However, even this recommendation comes with a caveat as some popular ad-blocking solutions create privacy issues because they require the user to send all of their web traffic through a single proxy host where the ads are removed, Talos researchers said.

Talos and Adobe also said a safe practice for shoppers is to make their online purchases from the store's website and not through sites recommended by social media, email or display ads are the prime methods criminals will use to direct people to malicious sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.