It’s the most wonderful time of the year. There’ll be much mistletoeing, and hearts will be glowing when credit fraud comes near… yes, you heard me correctly. While the rest of the world has sugar plums dancing in their heads, phishing and credit card scammers are keeping network security defenders up all night, every night. It’s a quiet but intense battle.
Now that online purchasing has hit a new record — the first $1 billion online shopping day in history — scammers and hackers have redoubled their efforts to steal identities and credit card numbers. They feel that holiday shoppers (at work or at home) are easy prey because they don’t do this every day and may not understand that they’re being had.
I find it particularly interesting that users are being targeted during work hours, on their employer’s computers. In years past, the efforts were most prevalent at night, but not anymore. It’s a full hacking cycle 24 hours/day. And if they find their way into an office, they’ll have access to credit/identity information from every single employee as well as the corporate credit information.
You are the first line of defense
Those who are the most vulnerable are employees who are not heavy Internet users. Let them know that you know they’re shopping online (because they probably are) and give them a crash course in what to look for:
Never EVER open an email that looks like it came from a bank — even if it’s your bank. The only correspondence they can legally have with you by email is to send you ads. So to be safe, just delete everything from banks.
Do NOT open emails from the ‘better business bureau’ or the ‘FDIC’ or any business entity during the holidays — these are all fake emails sent by identity thieves. The current emails state that there is a complaint against your company, or that there is a tax issue. The form they ask you to fill out is designed to steal your identity.
My favorite identity theft email is a notice that looks like it’s coming from a major bank that says “you have a fraud alert on your credit card” and then there is an “update form” to fill out to protect yourself. DO NOT FILL THIS OUT.
What to look for in general
There are some sure warning signs that you should be looking out for every day, and especially now:
Emails sent by strangers or people you weren’t expecting mail from with folders attached, especially zipped folders. This is where the virus lives that can infect your computer. If you or your employees open these folders… good-bye network.
Web sites that ask you to enter credit information twice. Your credit information can be stolen from a Web site that you thought was legitimate if a hacker makes an overlay page. This is a second page that prompts you for credit card information after you’ve already entered it on the ‘real’ site.
Use your gut — if something looks weird or unprofessional online, LEAVE THE SITE. If your computer starts acting up right after you’ve been to a site like this, unplug your machine from the network and shut down immediately (in that order).
Employers — Explore amnesty
One of the biggest reasons a security breach becomes a major issue for companies is that the employee who caused the breach is afraid to step forward. They know that it was a non-work-related issue that caused the breach, so they see it as two major problems.
Let your employees know that you are aware (and tolerant to an extent) that they are shopping online, and that if something bad happens, you’d rather know right away than have a major issue develop. If you want to be extra safe, designate a room and a time for them to shop together — make it a social event… AND have a network administrator present to monitor for a cyber intrusion. Your employees will think you’re being a very cool boss. Meanwhile, this little bit of holiday spirit with your employees can save you a small fortune in network and credit repair. Happy holidays!
Marci De Vries is president of MDV Interactive, a web consulting firm in Baltimore. Reach her at firstname.lastname@example.org.