Avoiding the Cyber Crime Holiday

Price Waterhouse Coopers just released a report finding that cyber crime against businesses has soared in 2011.  While Cyber Monday might be over, the online shopping discounts will continue to get better and better as Christmas approaches.  In essence, the holiday ad bombardment won’t stop until the New Year bells have tolled.

The press gives a great deal of attention to consumer protection over the holidays.  I even wrote an article for ABC News on this just this week.  And for good reason.  This year 40% of consumers will have their information misused.

But given the just as staggering figures for online crimes against businesses, what are these companies supposed to do? Are there good practices that businesses should adhere to this holiday season? The short answer is yes.

For any business, consumers are your most important asset.  If your customers don’t trust you, you won’t be in business long. Just as a manufacturers takes steps to ensure that the products they make are safe for consumers, businesses that engage in online sales must give cyber security the same level of importance.  Hackers will check how easy it is to break into a site, so put up the online security locks and force them to go elsewhere.  Note that the bigger you are, the more of a target you become.  Hackers love to make headlines, so be on the ready if you are popular site.

And follow these security tips to get started on the right path to putting your consumer first:

Cyber security basics: Make sure your system is secure by encrypting usernames, passwords, and valuable personal information that belongs to your consumer.  Also, break up personal information, for example, store username separate from full names and addresses.

“Red Team” your site – bring in a team of white hat hackers (a service SSP Blue provides, for example) to do a security assessment – they can find security holes and help you fix them before the bad guys exploit them.

“Red Team” your site again – anytime you change anything on the site – add a feature, for example – make sure it goes through the Red Team process again before going live.  A new feature can sometimes break something else.

Teach secure coding – the best engineers still need training on how to write ‘secure code’.  If you outsource your engineering, demand the outsourced company do the same.

Insert ‘Teachable Moments’ throughout your site – teach your users how to be cautious online and how to navigate safely – so they make it part of their daily routine and trust you more in the process.

Staying alert, engaged, and secure this holiday season isn’t just for consumers.  Businesses need to be on guard as much as consumers do.

A few cyber security steps can make the difference between a prosperous holiday season and a lousy lonely one.

Cyber Monday: 6 Tips to Avoid Getting Hacked or Scammed

Cyber Monday — which for many stores begins Sunday — is almost upon us. That means that more than any other time of year, we’ll be bombarded with sales and deals and notices and ads. One study found 84 percent of retailers saying they would email consumers about holiday-shopping deals.

Your email inbox will be stuffed like a Thanksgiving turkey with all sorts of offers. Many will be legitimate. An ever-rising number will be scams targeting your identity and money.

Facebook may need you to click in the link in an email so they can verify your login information. UPS may send you an email saying you need to view the attachment to get details about a long-lost package. Your bank may send you an alert that your recent transaction was declined and they need your information immediately to correct the error. And a Nigerian Prince may notify you urgently that you’re about to receive $5,000,000…if you can just send him $500 to get the money out of a closed account.

If you think the only scam is the Nigerian Prince, you’re terribly mistaken. And this mistake can be costly.

According to Javelin Strategy & Research’s 2011 Identity Fraud Survey Report, 40 percent of all identity theft victims had their information stolen while making an online purchase.

Viruses and scams are becoming intertwined these days, and they are more cunning than ever. The latest trend in cyber infections is the active virus — a virus that cons you into taking some action.

Hackers and attackers are sending emails impersonating well-known and commonly used services like Facebook, UPS and your local bank in order to steal your information. They are very good at it. The emails look and sound legitimate even though they are designed to infect your computer or steal your personal and financial information.

How do hackers impersonate something like Facebook? Usually they fill an email with company graphics and links, which are easy enough to find via a Google image search. Often the hackers will go so far as to give you a warning reminding you to “be careful of scammers out there.” They even put privacy information on the bottom to make the email look official.

Among the “good,” legitimate-looking links in the email, there will be a note asking you to click a link to “verify” your login information. The link will take you to a site that’s dressed up to look like Facebook or a UPS page, for example, or it will open an attachment or drop a virus.

Once you’ve entered your identifying information — thinking you’re being smart and keeping up with privacy — the hackers steal your identity and money. Other emails might ask you to download a simple attachment that will actually launch a virus designed to give the hacker access to your computer and everything in it.

How can you avoid falling prey to these scams?

  • Check addresses carefully. Hackers send you messages from addresses that look legitimate and don’t raise alarms. But if the email address is “[email protected],” you can be sure that it’s not from Facebook. So don’t click the link in it. If it’s an official email, it will come from an official, company address.
  • Check the address again! Sometimes hackers even use technical tricks to make the address the email came from end with a legitimate, well-known domain. An example might be “[email protected].” Emails like these often contain infected attachments.
  • Research and use online security tools and services. Some of them are free — a good example is BillGuard, which scans your credit card bills for questionable charges. BillGuard says it has saved consumers more than $500 million in fraudulent charges consumers might otherwise not have noticed
  • Avoid attachments. Unless you personally know the sender of an attachment or email, do NOT download or open the attachment. If you are tempted, at least run the latest anti-virus, anti-phishing and anti-spyware software on your system.
  • Do your research. Most scams are talked about on the Internet somewhere. Google the type or wording of the scam and see what comes up. A site called www.snopes.com offers lots of information about new and old scams. Also, call the company from which the email is allegedly coming. If you’ve gotten an email from a bank and you call the bank but they have no record of your transactions, the email is a scam or a virus.
  • Go with your gut. If an email seems fishy (or “phishy”), it probably is. Use the common sense you use in the real world — it may seem obvious, but for whatever reason many people often suspend their common sense in the online world.

The holidays are all about giving — but not to scammers and hackers.

Be A Safe Santa Online

Safe Santa OnlineSadly my three older kids ages 10, 14 and 15 found out the truth about Santa a few years ago when they snuck into the attic on Christmas Eve and found their Christmas gifts; while my 5 year old still awaits Santa’s visit.  Even more sadly (for me), now that they know that Santa is not a poor old man living in the North Pole giving gifts to children around the world but is instead their father who has a wallet and who personally knows how hard they have worked in school all year. I, like most Americans who play the role of Santa and are too busy to spend all day at the mall shopping for their children, am relying on the vast online shopping possibilities that the wonderful world of the Internet provides.

Online holiday shopping is in fact more successful this year than ever before according to a MuyBuys, Inc. press release from yesterday that showcases the successful Cyber Monday sales numbers that well known big box retailers are reporting.  In fact, iStockAnalyst points out that Cyber Monday sales crossed the $1 billion mark making it the busiest online shopping day ever.
Wall Street will no doubt debate whether the economy is rebounding or whether we are still stuck in a recession.

While they debate away, one fact is indisputable about our economic situation – consumers are showing much more confidence when it comes to shopping online.

And that leads to another fact that is just as indisputable – scammers are showing much more confidence when it comes to ripping off excited online shoppers.

To put it in perspective, think of the local malls we all visit – the more shoppers go there to shop, the more thieves show up to steal wallets and purses – and they don’t always distinguish between Neiman Marcus and Target as long as there is cash inside.

So let’s make being Santa online safe –

The FBI’s Internet Crime Complaint Center (IC3) provides lots of good tips on avoiding online scams – everything from credit card fraud to identity theft.  Check it out here.

Merry online shopping to my fellow Santas.