Protecting Purses and Digital Wallets
It’s that most wonderful time of the year, when hearts and wallets open wide… and when scammers, cybercrooks and other bad actors work overtime to earn coal for their stockings.
Why worry?
- According to a Nov. 15, 2021 Statista report, 80% of Canadian consumers shopped almost equally online and in-store throughout the year – and that includes teens. Yes, teens. 19% of Canadian teens (13 – 17) have their own cards on their parents’ accounts, so they can easily shop online. And do. And they tend to be more trusting / less vigilant when in malls.
- Fa-la-la form jacking. Form jacking? That’s when cyber thieves hijack payment forms on popular shopping websites, to steal personal and credit card data. You make a purchase from a reputable vendor, only to have your data snatched and sold on the dark web. This data then gets used for phishing so these online criminals can gain entry to whatever associated networks they can. When it’s your employees and other stakeholders, it will be your network.
- The Retail Council of Canada is forecasting strong bricks and mortar retail sales from now until after New Year’s. Today, mall shoppers must not only protect their purses, bags and pockets from sticky fingers, card cloning devices and RFID data scanners, but their phones from similar tools and preying, prying eyes. Again, not only do bank accounts get breached, but related networks, too.
- You also need to guard against fingerprint hackers. They can lift fingerprints from photos taken up to 10 feet away and use these phantom fingerprints to gain access to your phone, laptop and whatever you’re using. They would then have to get hold of your device, of course, but it’s scary to think that it is being done.
What should you do? And what advice do you give employees and family members?
- Depending on whose research you read, anywhere from 53 – 69% of people leave their phones unlocked, making it easier for them to be hacked. So, insist that your staff and your kids lock their phones – though your employees are more likely to need reminding than your children.
- You have no way of knowing if your card or bank accounts have been compromised until the bills come in, so remind people that it’s critical to check accounts online regularly at this time of year. Better yet, suggest they use a prepaid credit card when shopping online.
- Encourage people to separate work and personal devices. For the past 18 months, municipalities, education and healthcare have been the biggest targets for ransomware. Considering the number of people using their own phones to connect to work, ensure your network security is working optimally, and install endpoint security on all mobile devices. Yes – offer it for personal devices, too.
- Suggest – strongly – that people only download shopping apps from trusted sources such as the Amazon App Store, Apple App Store, Google Play Store, etc. Remember, they’ll be connecting to your network again once they’ve finished shopping. You might also want to suggest they…
- Ho-Ho-Hold on before clicking on that sales link. We all know that if a deal seems too good to be true, that’s usually the case. For some reason, people are less cautious around the holidays. Remind everyone in your personal and professional network to be on the lookout for phishing scams and ransomware. They’ll arrive, much like Santa in the night, in email notices containing appeals from fake charities (and some of the children’s ones can make you cry), fake shipping notifications, fake order confirmations and a myriad of other things to tempt you.
But, as you know all too well, those aren’t the only ways that malware or ransomware are being spread.
In fact, there are two relatively new phishing phrases in play this shopping season: SMSishing and Vishing. It almost sounds like the punchline in a joke when you say the words aloud, but what they represent is far from funny.
SMSishing: When hackers send “Trojan horse” text messages to phones and then steal your data.
Vishing starts with an email that includes a highly plausible payment notice or invoice, from a merchant the recipient has used, within the actual body of the email.
When the victim phones the call centre number in the email to dispute the charge, the oh-so-helpful customer service advisor captures banking and credit card information while confirming the person’s identity. You know how the story unfolds, so I will simply repeat a caution from KnowBe4, one of our partners: “Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.”
This means you need to remind everyone in your network to be extra cautious as we ramp up to the holidays, and again as we decompress after the 2022 New Year’s Eve ball drops.
KnowBe4, whose offering integrates well with Cisco and other solutions, has an application to identify scam email before it’s opened. KnowBe4 is offering a free resource kit, which you can access. You may also want to provide the link to work stakeholders, as well as friends and family.
Even though you may still be avoiding holiday crowds and pickpockets this year, cyber criminals are stalking you. So, please…
Contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free) to learn more about adding KnowBe4, Amp, Umbrella or Duo (all great tools in the fight against felons) to your security arsenal. Don’t worry; if you’re not a Cisco user, we can still get you covered.
In the meantime, we wish you happy and safe shopping!