Commentary from the Kaspersky Lab team
The recent incident, which caused the exposure of a large amount of client emails from a popular online shop, is worrying. Emails may seem a small matter compared to the theft of bank details or other data breaches, but this sort of information is in fact precious for scammers.
It’s important to understand that any personal data can be used by cybercriminals to target their victims. For example, if criminals compromise a company and get hold of its customers’ email addresses, they can create an automated spam mailout that mimics an authentic email and entices users to follow a malicious link or download a malicious file onto their devices.
Now is the time to be extra careful. The world is heading into the busiest shopping season of the year, starting with Black Friday, and people are hurrying to bag fast-disappearing exclusive deals from the tons of e-mails in their mailbox. It’s becoming quite common for people to thoughtlessly compromise their bank accounts by following a phishing link and entering their bank credentials. It’s all too easy to do so. In fact, our research shows that malware designed to steal data from online banking and payment accounts has extended its reach to target online shoppers: in the first eight months of 2018, we detected 14 families of malware like this, targeting 67 different popular consumer brands around the world, including big online retail platforms.
“Amazon sent out a warning as soon as the leak was exposed. And, although Amazon’s actions have been criticized for a lack of technical detail and a recommendation not to change users’ passwords, it’s great that the company’s representatives didn’t hesitate to warn their customers about possible threats, asking them to be on the lookout to minimize possible damage,” said Tatyana Sidorina, security researcher at Kaspersky Lab.
To keep yourself safe from fraudsters this Black Friday, Kaspersky Lab recommends taking the following precautionary measures:
- Always check the link address and the sender’s email to find out if they are genuine before clicking anything – very often phishers create URLs and e-mails that are very similar to the authentic addresses of big companies, yet differ from them by one or two letters.
- To make sure you follow a correct link, do not click on it, but type it into your browser’s address line instead.
- Do not enter your credit card details in unfamiliar or suspicious sites and always double-check the webpage is genuine before entering any personal information (at least take a look at the URL). Fake websites may look just like the real ones.
- If you think that you may have entered your data into a fake page, don’t hesitate. Change your passwords and PIN codes ASAP. Use strong passwords consisting of different symbols.
- Never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong hack-proof passwords without having to face the struggle of remembering them, use a password manager such as Kaspersky Password Manager.
- To ensure that no one penetrates your connection to invisibly replace genuine websites with fake ones, or intercept your web traffic, always use a secure connection – only use secure Wi-Fi with strong encryption and passwords, or apply VPN solutions that encrypt the traffic. For example, Kaspersky Secure Connection will switch on encryption automatically when the connection is not secure enough.