Panda Security's anti-malware laboratory, is advising holiday shoppers to be extra wary when shopping online this holiday season. As in past years, cyber criminals have launched a war on the season through a multitude of holiday-themed scareware, spam and Blackhat SEO attacks.
"Cyber criminals know this Friday and Monday are two of the biggest shopping days of the year, and Americans are going to be sharing tons of sensitive data online during this period," said Sean-Paul Correll, threat researcher at PandaLabs. "It's more important than ever for shoppers to follow best practices to avoid infecting their computers or turning over their private information into dangerous hands."
Most of the malware PandaLabs sees today is specifically built for extracting credit card information, social security numbers and other data which can be used to facilitate identity theft. In fact, 66 percent of the threats in PandaLabs' malware database are Trojans that specialize in sensitive data extraction. A video representation of how Banking Trojans work is available at http://vimeo.com/6491332.
To stay safe, PandaLabs suggests holiday shoppers adhere to the following guidelines this Friday and Monday, and throughout the holiday shopping season:
Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with.
Advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you'll be able to find the same deal by going directly to the website in your favorite web browser.
Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.
Don't underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order to infect your computer and steal your personal data. If you're unsure if a site is legitimate, run a search online to see if you can determine whether it's widely known. If you can't find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.
Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it's best to run frequent anti-malware scans.
Always use updated anti-malware protection. Despite growing awareness of today's Web-borne threats, many people still don't use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security's award-winning Panda Cloud Antivirus software, which is completely free, at http://www.cloudantivirus.com.
For up-to-date research on cyber attacks, go to www.pandalabs.com.
No comments:
Post a Comment