By Georgia Weidman, Security Architect at Zimperium
This time of year, hackers are making their lists, checking them twice, and going after the most vulnerable targets: unsecured holiday shoppers. If shoppers have been lax in their cybersecurity practices, they will inevitably land on the hackers’ “naughty” list, putting their most valuable possessions at risk: their mobile devices. But if they’ve been “nice” and followed cybersecurity best practices, they might find Santa putting a few extra gifts under the tree this year.
Here are a few of the naughty mobile security practices that could very well put a shopper on a cybercriminal’s target list this year and risk ruining their holidays.
Mobile Security Naughty List
- Falling prey to risky QR codes
QR codes have become a popular option for streamlining our access to anything from restaurant menus to paying for parking. And as the shopping season begins to ramp up, many stores are using QR codes to offer shoppers access to discount coupons. Cybercriminals, however, are also using this trend to distribute malware, steal personal information, and conduct phishing attacks, which can then be leveraged to access confidential data.
We all love a good bargain, and because of that, shoppers often fail to take that second look to make sure they are going to a legitimate URL.
- Clicking malicious links via social media
Picture this: You are doing your daily scroll on Instagram or TikTok, when an ad pops up showing the exact gift you’ve been looking for to buy your mom. Without even thinking, you click on the link (even if it’s spelled wrong, e.g. Amazon.CORN), and boom, you’ve just accidentally downloaded malware onto your device. A cybercriminal can use mobile malware to steal sensitive data from a smartphone or lock a device, before demanding payment to return the data to the user or unlock the device.
- Being fooled by package phishing
Have you ever received a text message or email that your FedEx or UPS package could not be delivered because the address or name was wrong and you just need to “click here” to fix the problem? That’s a prime example of one of the many phishing scams that cybercriminals will be using more than ever this holiday season.
And, sadly, while we all love unexpected presents, the shoppers who do fall prey to these links grant cybercriminals access to their important personal and financial information (e.g. credit card numbers, banking information, social security numbers).
- Shopping on public Wi-Fi
It’s pretty common for shoppers to connect to the mall’s free public Wi-Fi network as they shop around. Cybercriminals can create open Wi-Fi hotspots disguised as legitimate, free networks, which, if connected to, can compromise devices and install dangerous malware. Bad actors also use this to launch Man-in-the-Middle (MITM) attacks, where attackers interrupt an existing conversation or data transfer to steal login credentials, account details and credit card numbers. Once an unsuspecting user connects to the free, malicious Wi-Fi hotspot that the attacker created, the bad actor has full visibility into the exchange.
Mobile Security Nice List
On a brighter note, not all shoppers have made bad choices this year, and there are still things you can do to turn your security posture around. Here are a few of the top nice mobile security practices that can keep you on Santa’s security nice list this year.
- Being aware of your digital surroundings
In the midst of holiday shopping, curated ads, and packages gone awry, it is crucial that shoppers always double-check the details of emails, messages, and even phone calls. Shoppers should watch out for things like spelling and grammar errors, typos in the sender address or domain name, unsolicited password resets, or being asked to resubmit payment information when they haven’t asked to. In particular, if they receive a call about fraud from their bank, they should never have to provide their username and password over the phone – their bank should already know their account information.
- Shopping inside a secure digital environment
As mentioned before, cybercriminals love to take advantage of a public Wi-Fi network. Because of this, shoppers should not make financial transactions such as online banking, trading, or shopping when they’re using a public Wi-Fi network. If they must use a public network, shoppers should consider using a VPN (virtual private network) for an added layer of protection.
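The "second look" at a link from a QR code, ad, or delivery text can be automated. The sketch below is an added example, not code from the article or from Zimperium; the `TRUSTED` list and the `CONFUSABLE` table are assumptions chosen to match the article's Amazon.CORN and FedEx/UPS scenarios.

```python
from urllib.parse import urlsplit

# Assumption: the retailers/carriers the shopper expects; not a list from the article.
TRUSTED = ("amazon.com", "fedex.com", "ups.com")

# Character sequences that read alike at a glance (constructed, not exhaustive).
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(name):
    """Collapse confusable sequences so 'amazon.corn' and 'amazon.com' compare equal."""
    for seen, meant in CONFUSABLE:
        name = name.replace(seen, meant)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, matched_brand) for a link from a QR code, ad or text."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")   # ignores any user@ prefix
    labels = host.split(".")
    # The host and each of its parent domains: a.b.c -> a.b.c, b.c
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for brand in TRUSTED:
        if host == brand or host.endswith("." + brand):
            return ("trusted" if parts.scheme == "https" else "insecure", brand)
    for brand in TRUSTED:
        # Brand name used as a subdomain label of somebody else's domain.
        if host.startswith(brand + ".") or "." + brand + "." in host:
            return ("lookalike", brand)
        for s in suffixes:
            # Heuristic: same shape after confusable folding, or one typo away.
            if skeleton(s) == skeleton(brand) or edit_distance(s, brand) == 1:
                return ("lookalike", brand)
    return ("unknown", None)
```

The one-typo rule is a heuristic and will occasionally flag a legitimate site whose name is close to a short brand name; an "unknown" verdict means only that the link matches nothing on the list, not that it is safe.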
All that being said, it’s important for shoppers to implement cybersafe practices this season in order to keep the bad actors far, far away. Taking small initiatives like these can be the key to protecting themselves and their mobile devices, not just during the holidays, but all year long.
About the author
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, mentor, angel investor, and the author of Penetration Testing: A Hands-On Introduction to Hacking. Her work in the field of smartphone exploitation received a DARPA Cyber Fast Track grant and she has been featured internationally in print and on national television including ABC, BBC, Fox, NBC, and in the PBS documentary Roadtrip Nation: Life Hackers. She has presented and trained around the world including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point.