Transcript
Speaker 2 (00:01)
For Cybercrime Radio, I’m Charlie Osborne. Joining me today is Mike Centrella, Head of Public Policy at SecurityScorecard, and Adam Keown, CISO at Eastman. This episode is brought to you by SecurityScorecard, whose mission it is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risks to their boards, employees, and vendors. Learn more about our sponsor at securityscorecard.com.
So our topic today is safe holiday shopping and outsmarting scammers during this year’s gift-giving season. Mike, I’ll start with you. Why does cybercrime spike during the holiday shopping season and what threats are most common right now?
Speaker 1 (00:42)
Well, thank you for the question and good morning. Happy to be here today. So, you know, holiday shopping creates the perfect storm from cyber criminals, higher online spending, the rushed decision making, distracted consumers and retailers pushing rapid promotions. Attackers know people are tired, they’re traveling and they click faster. So they exploit those urgencies. So right now the biggest threats are fake retail sites, phishing email and text scams that we see every day. You know, we’re getting those email alerts, malicious ads and pop-ups that are on social media, I was actually almost a victim of one last year, and account takeovers. These seem to be the ones that hit and impact the most during this time of year. In short, cybercriminals follow the money and as money moves online quickly during the holiday season, so do they.
And Adam, what about you? What are you seeing from your perspective?
Speaker 3 (01:30)
comes to scams across the board, whether it’s scams inside of a corporation like business email compromise, or even scams to family members, it’s all on the rise. We saw even last year an increase in business email compromise as reported by the FBI more than it’s ever been. And as those numbers continue to rise, we see folks, unfortunately, in companies and folks in their personal investments losing money.
That’s where the real shame happens is when you have folks who don’t realize they’re clicking on something they shouldn’t and unfortunately lose a lot of money.
Speaker 2 (02:06)
So Mike, what are the top core four security behaviors that give shoppers the best protection?
Speaker 1 (02:12)
Yeah, I recently saw research that highlights the top four and I think the four that come to mind are use a strong, unique password. Don’t reuse your ex company, whether it’s your bank, Amazon, ones you commonly use for shopping. Change your passwords up, make sure they’re not consistent. Turn on multifactor authentication, MFA. Stolen passwords are useless if attackers can’t get past the second verification step. This is one of the best defenses I can think of when it comes to account takeover. Keep your devices and your software up to date, making sure you’re patching security holes to include on your phones. People sometimes forget to do those updates on their phones and they don’t want to be hindered by their updates on their phones. So make sure you’re doing that.
And I think lastly, and maybe the best advice I can give during this holiday season is slow down. Make sure you’re reviewing those emails or reviewing those text messages and really understanding the links that you’re clicking on during this holiday season. I know and understand everybody’s rushed, but if you just take that extra second to review what you’re getting ready to do, you may stop yourself from being a victim of some type of cyber attack scam.
Speaker 2 (03:09)
And Adam, while we’re on this topic, how can shoppers protect themselves? I’d really like some tips for quickly spotting fake websites or counterfeit product offers and perhaps even too-good-to-be-true holiday deals.
Speaker 3 (03:21)
Yeah. Mike hit the nail on the head when he said slow down. That is the best piece of advice out of anything else that he can possibly say. There are emails that come in and people see a fantastic deal. Well, don’t just click that link and go to the website. I would encourage you to type in the actual company’s address and go to their website because they’re going to have that same deal available to you. As always, I’ve mentioned in some previous conversations, having something along the lines of ensuring that your browser is fully up to date can do a much better job at protecting you and preventing the scammers from getting to your system. I know that I’ve personally seen even on my family’s computers where the browser up in the corner is turning red because they haven’t updated it yet when it only takes a few seconds to hit that relaunch button and to make sure you’re using the most recent version.
And always too, having ad blocks in place. So there are free ad blocking services out there and many of those do a phenomenal job at not only protecting you with your eyeballs of seeing too many tremendous amount of ads, but also protecting you against the hackers. Many of them have the harmful websites blocked and prevented in that same data.
Speaker 2 (04:39)
And Mike, do you have any further tips to add here?
Speaker 1 (04:42)
No, they’re all great points there. But again, you know, just taking your time to slow down, making sure you understand the URL that you’re clicking on. Like Adam said, you know, look for those misspellings and those unique or not so unique looking URLs. Also the payment options. Sometimes they utilize Zelle or Venmo or CashApp only. There are red flags, especially on Instagram advertisements. If you’re clicking on them, then sometimes they’re asking for those types of payments. They should be red flags right off the bat.
And again, no customer service. If you’re looking at a website and there’s a really hard way to get a hold of them or no refund policy, no real legitimate way to get a hold of the business. They should be standalone quick red flags to be careful of.
Speaker 2 (06:15)
Adam, I’ve got another topic I’d like to broach, which is public Wi-Fi. So we know that’s everywhere during holiday travel, but how risky is it to shop or log into your accounts at say an airport or cafe network Wi-Fi hotspot?
Speaker 3 (06:29)
Generally speaking, the security of the local Wi-Fi, whether it’s at a retail store or a coffee shop, is not going to be the best. And in many situations, it could actually open you up for hackers to steal information. So it’s always best to use your personal cell hotspot or just wait till you get home before you do any kind of what I would call financial transactions. At the same time, I would encourage folks to use a single card number to do activity online. It’s much easier if something does happen to that card to cancel it and have it replaced and not create the chaos in your life of the card that you use for everyday transactions to get gas and groceries. So I would encourage you to isolate all your online transactions to a single card to help you minimize if theft does occur. And also when that one statement comes in, you’re able to see were these actual purchases I made, it makes the whole auditing yourself better.
Speaker 2 (07:26)
And for my last question, this is going to be directed to both of you. So if a shopper only remembers one action to stay safe this season, what should it be and why? Mike, perhaps you’d like to start us off.
Speaker 1 (07:38)
Turn on your multi-factor authentication for your major accounts like email, banking, and other online retailers that you use commonly. And here’s why. Your email is the key to every other account. Most holiday cybercrime involves account takeover. And MFA can stop the attack even if the criminals have your password. So that MFA just gives you that other layer of protection, and again, may also give you the ability to slow down, as we mentioned a couple of times through here, as you’re clicking on and moving through your days.
Speaker 2 (08:03)
And Adam?
Speaker 3 (08:05)
I’ll emphasize shopping from common websites. There may be some obscure websites that give you deals and you’re like, this is amazing. I can’t believe I’m getting it this cheap. That’s because you’re not going to get it that cheap. There’s a good chance you either don’t get the product or when you get it, it won’t even be the legitimate product or the same that you have purchased that you thought you were purchasing. So I would encourage you to stick to standard websites, make sure that you’re on the safe company website.
And then like I mentioned earlier, using that single card for all your online transactions, and that’ll help you keep safe during this holiday season.
Speaker 2 (08:39)
Thank you and is there anything else either of you would like to add?
Speaker 1 (08:43)
No, I’d just like to wish everybody a happy holiday and be safe while you’re shopping online.
Speaker 2 (08:47)
Adam? Yes.
Speaker 3 (08:48)
I would encourage people just to be cautious about putting personal information online, slow down and take the time to make sure that you’re cyber safe during this holiday season.
Speaker 2 (08:58)
Mike and Adam, thank you both for joining us today.
Speaker 3 (09:00)
Thank you.
Speaker 1 (09:01)
Thanks for having us.
Speaker 2 (09:02)
For Cybercrime Radio, I’m Charlie Osborne. Joining me today were Mike Centrella, Head of Public Policy at SecurityScorecard, and Adam Keown, CISO at Eastman. This episode is brought to you by SecurityScorecard, whose mission it is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risks to their boards, employees, and vendors. Learn more about our sponsor at securityscorecard.com.