Holiday shopping will look very different this year. With much of the country still observing lockdown and social distancing guidelines due to the pandemic, shoppers will make more purchases online and through mobile devices instead of in-person. As such, hackers view this as a huge opportunity to prey on consumers and are already gearing up.
Just last month, hackers targeted Amazon Prime day shoppers with phishing emails and texts compromising customer accounts. Another looming threat is account takeover attacks, which are expected to surge this Holiday season.
Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan weighs-in on holiday threats this year:
“We’re seeing stores push Black Friday into an entire month-long online event this year, rather than a traditional in-store happening. Retailers are already marketing to have consumers start their holiday shopping early and encouraging consumers to use mobile apps for their shopping. As such, consumers shopping online or via mobile devices are urged to be especially cautious while looking for deals and sales. While retailers are encouraging consumers to shop early by offering great deals with short time frames. Hackers are leveraging exactly this type of scenario to create a false sense of urgency and lure users into an attack.
In addition to exercising caution, consumers should trust their gut and if a deal seems like it is too good to be true – it probably is. I also advise consumers to avoid engaging with all ads on social media apps like Facebook, Twitter and Instagram, which can give hackers the details they need to sideload apps and steal personally identifiable information (PII).
Remember to be careful if you receive targeted email ads by checking links before you click them and by looking for spelling or grammar mistakes. When shopping through mobile apps, make sure you protect your account and credentials by installing the latest version of the app from a verified app store. Many apps offer multi-factor authentication, which you should enable in addition to setting up strong push notification authentication. Avoid SMS authentication unless it is the only option available and avoid using public wi-fi networks when entering sensitive information such as credit card or bank account details.”