Recent Consumer Threat Wrap-up – What Merchants Should Know
As we say goodbye to this year and usher in the next, it’s important to look back on some recent events that occurred with respect to consumer security. Businesses have a responsibility to keep personal and financial data safe, and part of that comes from staying informed on the latest cyber perils your customers are facing.
Hackers are getting smarter, and merchants have to learn how to stay one step ahead—or risk falling victim to the ever-growing list of threats. Keep your company out of the headlines in 2013 by staying up to date on today’s biggest cybersecurity stories! Below, we break down three recent consumer cybercrime incidents and why they matter for online merchants and the state of eCommerce as a whole.
Rise of the Cyber Crime Black Market
Cybercrime has become a booming business, according to reports, with personal information like credit card numbers and email addresses earning hackers $388 billion in 2011 alone. Aside from established hacker groups, even junior cybercriminals have been able to get in on the action with access to a litany of inexpensive phishing tools, as well as free software and hacking tutorials on YouTube. Recent exploits around the ZeuS banking Trojan and Internet Explorer zero-day attacks have brought the reality of a cyber black market to light.
Despite the ease with which hackers can get their hands on dangerous tools today, there is hope for both merchants and consumers. For merchants, having proper back-end and front-end protection is essential for keeping websites safe for online shoppers. Start by enlisting the help of a third-party security provider to get daily vulnerability scanning and virus removal in the event something is discovered. Additionally, utilizing products that allow consumers to tell if your site is safe—like a Trustmark or SSL certificate—can go a long way toward building confidence.
Operation High Roller and the Rise of Automated Cyber Attacks
Cybercrime is becoming automated, and the Operation High Roller global fraud ring showed just how sophisticated, and dangerous, it can be. Recently discovered by the McAfee Labs security team, this series of attacks was carried out automatically, with essentially no hacker involvement on the front end. Using phony “change password” notifications, the scam was able to trick users into downloading malware onto their computers, which in turn stole their bank account information—and any money in there along with it.
While these particular attacks were focused on victims’ bank accounts, there are endless possibilities for where hackers can and will strike next. Ecommerce has already become a tempting target for hackers, so it’s crucial for merchants to be prepared—and help customers protect themselves in turn. Hackers, like those behind Operation High Roller, are getting better at imitating real business logos and corporate email templates to trick users into providing account details or clicking malicious links. Keep your brand from falling victim to a similar scheme by following strict protocols when communicating with customers about changing/retrieving passwords or account issues to better avoid fraudulent activity.
1.6 Million Login Details Leaked by Ghost Shell Hackers
The recent Team Ghost Shell attacks and subsequent dump of millions of records online highlight the precarious state of password security today. The hacker group hit over 30 websites, many belonging to top US and European organizations including NASA, along with other high-profile breaches this year. This event, and many others like it, underline the need for both better back-end protocols and password security. Using different passwords for every site would ensure that if one site were to be hacked, other accounts wouldn’t be compromised as a result.
While you or your customers may never be completely safe from determined hackers, ensuring that your customers take the necessary steps to protect themselves through strong and varied passwords is key. Security experts consistently warn about the risks surrounding a weak password, with every subsequent hack bringing that advice even closer to home. Help customers help themselves by requiring passwords that contain a combination of uppercase and lowercase letters, numbers, and symbols with a minimum length – and let them know why. Additionally, implement a secure, simple and straightforward procedure for managing customer passwords that will make them easy to retrieve on demand.
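One way to build the password-management procedure described above, together with the strict protocol for password-change messages from the Operation High Roller section, shown as an added example that is not part of the original article. It assumes recovery works as a reset link carrying a single-use, expiring token, so the email never contains a password; the in-memory store, function names and 15-minute lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; set to your own policy

# Hypothetical in-memory store: account id -> (SHA-256 of token, expiry).
# A real shop would keep this in its database. Only the hash is stored,
# so a leaked table does not hand out working reset links.
_pending_resets = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(account_id, now=None):
    """Create the token that goes into the reset link sent to the customer."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Storing the new record replaces, and so invalidates, any earlier token.
    _pending_resets[account_id] = (_digest(token), now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(account_id, token, now=None):
    """Return True exactly once for a valid, unexpired token."""
    now = time.time() if now is None else now
    record = _pending_resets.get(account_id)
    if record is None:
        return False
    stored_digest, expires_at = record
    if now >= expires_at:
        del _pending_resets[account_id]  # expired: clean up and refuse
        return False
    # Constant-time comparison avoids leaking how much of a guess matched.
    if not hmac.compare_digest(stored_digest, _digest(token)):
        return False  # wrong guess does not cancel the real customer's link
    del _pending_resets[account_id]  # single use: consumed on success
    return True
```
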
While these events were just a snapshot of the security stories from 2012, there’s still hope for a safer 2013. By learning from others’ mistakes and taking a proactive approach to your own safety, online merchants can head crafty cybercriminals off at the pass. We hope you will keep in mind these breaches and others like them to make next year a great year for security—and a bad year for cybercrime.
For more information on how to maintain a safe presence online, follow us on Twitter @McAfeeSECURE.