{"id":121956,"date":"2020-11-30T06:00:08","date_gmt":"2020-11-30T14:00:08","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=121956"},"modified":"2021-07-26T11:45:36","modified_gmt":"2021-07-26T18:45:36","slug":"u42-cybersecurity-tips-safer-holiday-shopping","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/11\/u42-cybersecurity-tips-safer-holiday-shopping\/","title":{"rendered":"Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season"},"content":{"rendered":"

2020 has been a year like no other, with the COVID-19 pandemic changing our everyday lives \u2013 particularly the way we celebrate the holidays. As a Unit 42 threat researcher, my mind goes to the holiday shopping season and helping consumers stay safe online.\u00a0<\/span><\/p>\n

Just as holiday decorations seem to go up earlier and earlier each year, the surge of online shopping seems to start earlier every year too. The existing trend has grown even more pronounced with many retailers advising customers to shop earlier than ever due to <\/span>potential pandemic-related shipping delays<\/span><\/a>. Amazon Prime Day on Oct. 13 and 14 has become an unofficial start to the holiday shopping season, followed by Black Friday and (of course) Cyber Monday. That all leads into Christmas, Hanukkah and other winter holidays.<\/span><\/p>\n

However, with an extended holiday shopping season \u2013 one that will be predominantly online due to COVID-19 \u2013 come more opportunities for cybercriminals to target consumers with a variety of attacks.\u00a0<\/span><\/p>\n

To help you avoid the top four threats that consumers should be aware of, here are Unit 42\u2019s 2020 cybersecurity tips for safer holiday shopping.\u00a0<\/span><\/p>\n

 <\/p>\n

Protect against ransomware by separating work and personal devices.<\/h2>\n

2020 has been the year of <\/span>ransomware<\/span><\/a>. Attackers have been <\/span>brazen during the COVID-19 pandemic<\/span><\/a>, primarily targeting <\/span>healthcare organizations<\/span><\/a>, <\/span>educational institutions and municipalities<\/span><\/a>.\u00a0<\/span><\/p>\n

While attackers have largely targeted the enterprise and public sector this year, we may see consumers who are working from home and doing their shopping on their work devices get targeted by attackers. The goal for the attackers would be to compromise the consumer\u2019s work device, get on the corporate network and infect the organization with ransomware.<\/span><\/p>\n

Consumers should remember to do their work stuff on their work device and their personal stuff on their personal device. This avoids giving attackers an opportunity to target a consumer\u2019s employer.<\/span><\/p>\n

 <\/p>\n

Examine email offers carefully to avoid phishing scams.<\/h2>\n

The most common threat vector for attackers is the phishing email. It\u2019s easy and it works, and it\u2019s another area where we\u2019ve seen attackers <\/span>emboldened during the COVID-19 pandemic<\/span><\/a>.\u00a0<\/span><\/p>\n

During the holiday shopping season, consumers should be on the lookout for a variety of phishing scams, such as fake shipping notices, fake order confirmations and bogus charities.\u00a0<\/span><\/p>\n

Remember to think before you click. Don\u2019t click on links from unknown sources. If a deal or offer seems too good to be true, it probably is.<\/span><\/p>\n

 <\/p>\n

Double-check domain names to ensure you\u2019re visiting the website you intend to visit.<\/h2>\n

One of the top threats that Unit 42 has observed this year is <\/span>cybersquatting<\/span><\/a>, where cybercriminals register domain names that appear related to existing domains or brands, with the intent of profiting from consumers\u2019 typing mistakes. The purpose of squatting domains is to confuse consumers into believing that legitimate brands own these domain names (for example, convincing people that walrmart44[.]com belongs to Walmart).\u00a0<\/span><\/p>\n

With consumers primarily doing their holiday shopping online this year, attackers will be active in setting up squatting domains that are similar to the stores where people love to shop. For example, Unit 42 <\/span>discovered<\/span><\/a> that Amazon is one of the top abused domains in 2020.\u00a0<\/span><\/p>\n

Consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site. Look for that lock symbol or the \u201chttps\u201d in the browser.\u00a0<\/span><\/p>\n

 <\/p>\n

Keep an eye on credit card statements to catch formjacking attacks and other suspicious activity.<\/h2>\n

Another top threat that Unit 42 has observed this year is <\/span>formjacking<\/span><\/a>, where cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site\u2019s form page. It is designed to steal credit card details and other personal information from payment forms that are captured on the \u201ccheckout\u201d pages of shopping websites.<\/span><\/p>\n

The challenge for consumers who are doing their holiday shopping online is that formjacking attacks are difficult to detect. Your transaction will go through, but behind the scenes, your credit card information is being stolen by attackers \u2013 and could potentially be sold on the dark web.\u00a0<\/span><\/p>\n

Consumers should make sure to double-check their credit card statements to ensure there\u2019s no suspicious activity.\u00a0<\/span><\/p>\n

In general (not just related to formjacking), consumers should always use a credit card, or prepaid gift card, when making purchases online. This ensures a quick resolution in the event that a cybercriminal gets the card information and makes, or tries to make, a purchase. With prepaid gift cards in particular, it also limits the amount of money a cybercriminal has the potential to steal.<\/span><\/p>\n

For more cybersecurity tips from Unit 42 on how to keep your household safe, see \u201c<\/span><\/i>Cybersecurity Tips for the Household CIO of 2020<\/span><\/i><\/a>\u201d and \u201c<\/span><\/i>How to Protect Against Cyberattacks When Working From Home During COVID-19<\/span><\/i><\/a>.\u201d <\/span><\/i><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

We share cybersecurity tips for safer holiday shopping based on the top threats our Unit 42 threat researchers observed in 2020.<\/p>\n","protected":false},"author":89,"featured_media":121959,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6719],"tags":[3967,7314,7369,586],"coauthors":[736],"class_list":["post-121956","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-company-culture","tag-best-practices","tag-cybersecurity-tips","tag-online-shopping","tag-unit-42"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/11\/Cyber-Monday-Blog-400x300-V1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/121956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=121956"}],"version-history":[{"count":2,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/121956\/revisions"}],"predecessor-version":[{"id":121958,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/121956\/revisions\/121958"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/121959"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=121956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=121956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=121956"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=121956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}