Weekly Comments

5 - 13 November 2018

As the festive season approaches, more shoppers are going online to shop for year-end gifts and snap up commodities on festive promotions.
As the festive season approaches, more shoppers are going online to shop for year-end gifts and snap up commodities on festive promotions. Promotions for Singles’ Day are over, and shoppers around the world await Thanksgiving Day, Black Friday, and Cyber Monday. Now is the especially busy period for cybercriminals who are targeting both online shoppers and online merchants to make away with their share of festive bounty.

Online shoppers may find themselves targets of phishing websites, phishing emails, greeting card scams, impersonation scams, travel scams, and SMS scams. These scams may deceive shoppers with unbelievably attractive discounts and trick them into clicking malicious links or disclosing personal information. On the other hand, online merchants who do not provide secure payment services for customers or have yet to patch their web servers and software with the latest versions may find themselves at the mercy of cybercriminals who have no qualms about compromising vulnerable websites for financial gains.

We advise online shoppers and online merchants to step up cybersecurity measures during this festive season. We urge online shoppers to avoid using public Wi-Fi networks when making online transactions, and ensure the website supports secure payment service before making online purchases. In addition, we recommend online merchants to patch their web servers and software to the latest versions and ensure their websites provide secure payment service for customers. Online merchants should store the database containing sensitive payment and personal information offline and implement two-factor authentication for customer logins to prevent credential stuffing attacks. 

References:
[1] [SingCERT] Festive Shopping Advisory for Shoppers and Online Merchants
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence