Cyber Monday is just days away and cybercriminals are preparing for it like an athlete would for Super Bowl Sunday, one security professional said.
“The number of people that are going to be online Monday with their credit cards sitting next to their keyboard is really a numbers game,” Paul Judge, co-founder and chief technology officer of web security firm Purewire, told SCMagazineUS.com on Wednesday.
“Cyber Monday” is the cyber-equivalent of “Black Friday” in the brick-and-mortar world. It occurs Dec. 1, the Monday after Thanksgiving -- one of the biggest online shopping days of the year.
In preparation for the event, cybercriminals are registering new domain names, purchasing advertisement space and creating user profiles on social networking and e-commerce sites to host malicious content and lure users into clicking on it, Judge said.
Attackers will be creating fake e-commerce sites in the hope that users will voluntarily hand over their information. This is a social engineering attack, as opposed to the more elaborate, technical methods in a cybercriminal's arsenal.
“With a fake commerce site, you don't need to steal a user's information, they will hand it over to you,” Judge said.
Derek Manky, security researcher for Fortinet, provider of unified threat management security, warned users of “too-good-to-be-true” spam advertisements designed to lure bargain shoppers.
Researchers at Marshal8e6's threat labs are also expecting threats that prey on shoppers' need for a good deal because of the economy. Threats will likely come in the form of phishing emails with fake coupons in them and posts to message boards with malicious links, Mark Parker, senior product manager at Marshal8e6, told SCMagazineUS.com on Wednesday.
When chasing the better deal online, users should not compromise the quality of the vendor, experts said. The safest route is to stick with reputable brands and vendors.
A survey released last week, conducted by St. Bernard Software, found that 36 percent of the 200 respondents expect to shop online while at work this holiday season.
Enterprises should remind employees to use good practices when shopping on the internet, have a solution in place to block malicious code and phishing emails, run reports and monitor user activity, Parker said.
Judge said organizations should have an anti-virus solution in place that scans web traffic, not just one that runs on a mail server or an individual's computer. Enterprises without the proper security measures in place should consider locking down access to personal sites until the network is better safeguarded, he added.