Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Credit Cards. Show all posts
strong passwords
Anti-Malware Credit Cards Cyber Monday scams Cyber Security debit cards email security Multi-factor authentication Online Scams spoofed domains strong passwords

Cyber Monday Scams: Stay Vigilant and Protect Yourself from These Sneaky Tricks

 

With the shopping holiday of Cyber Monday just around the corner, Brits are being urged to exercise heightened caution against online scams. The prevalence of online scams has surged in recent years, and scammers have become increasingly adept at defrauding unsuspecting shoppers.

On Friday, Felicity Oswald, the chief of the National Cybersecurity Center (NCSC), cautioned that cybercriminals will be out in full force, intent on "scamming people out of their hard-earned cash."

"The growing availability and capability of technology like large language models is making scams more convincing," she explained.

According to the NCSC, shoppers lost over £10 million to online scams during the festive period last year, which included Black Friday and Cyber Monday. City A.M. spoke to Oz Alashe MBE, a cybersecurity expert and CEO of CybSafe, who shared his top tips for staying safe from online scams during the shopping weekend.

"Cyber Monday is not just a time for bargain hunters; it's also a breeding ground for criminals to prey on financial information and sensitive data," he remarked.

"People need to be equipped with the knowledge and understanding to identify these threats before they cause harm. A crucial aspect of this lies in adopting secure behaviors and implementing effective cyber hygiene practices to safeguard consumers, their friends, and their families."

Here are five of the most common online scams to watch out for:

1. Malicious emails and texts

Cybercriminals exploit major shopping events to bombard people with emails and text messages promoting deals and discounts. When you receive such messages, scrutinize the sender's address. Does it appear legitimate? Only click on links if you are absolutely certain of their authenticity. If not, delete them immediately!

2. Spoofed domains

Criminals create replica websites of legitimate brands to trick shoppers into divulging their financial information.

Always double-check the URL of the websites you visit, and exercise caution with links received via email, text, or social media promotions. If you have doubts, search for the brand online to verify if the advertised deals are available on their official website.

3. Prioritize credit cards over debit cards for purchases

Credit cards offer better fraud protection if your information is compromised, making them a valuable tool against online scams.

If you discover unauthorized charges on your credit card, you should be reimbursed for the entire amount spent, provided you notify your provider promptly.

4. Check return policies and read reviews before purchasing from unfamiliar sites

Scam websites often lack return policies or impose strict return windows. Investigate whether there are reviews mentioning fraud or counterfeit products. If something seems suspicious, trust your instincts and avoid the site.

5. Empower yourself to combat online scams

Educate yourself about the tactics employed by cybercriminals, and then consider how you can enhance your security.

Enable multi-factor authentication on online accounts that offer the service. Create strong, unique passwords. Employ anti-malware and email security solutions, and always maintain backups of your critical data. These practices will significantly strengthen your online security.
Read more »
Shopify
API CloudSEK Credit Cards E-Commerce Mobile Security search engine Shopify

Globally, Over 4 Million Shopify Users Are at Risk

 


In a report published on Friday by CloudSEK's BeVigil, a security search engine for mobile apps, it has been found that over four million users of e-commerce apps around the world are exposed to the risk of hardcoded Shopify tokens.   

As an e-commerce platform, Shopify allows anyone to create a store that enables them to sell their products online and allows businesses to do the same. Shopify is expected to be used by more than 4.4 million websites by the end of 2023 and is located in more than 175 countries. 
 
Researchers are claiming that there is a risk that crooks will gain access to sensitive data belonging to millions of Android users with e-commerce apps. 

It was recently revealed in a CloudSEK BeVigil report that researchers discovered 21 e-commerce apps that had 22 hardcoded Shopify API keys and that these keys/tokens could potentially expose the personally identifiable information (PII) of roughly four million users to the possibility of identity theft. 

A hardcoded API key becomes visible to anyone with access to the code, including attackers and unauthorized users, as soon as the key is hardcoded in the code. An attacker can access sensitive data and perform actions on behalf of the program if they can access the hardcoded key. They can then use it to access sensitive data. The company said in a press release that even if they do not have the authorization to do so, they could still do it of their own volition. 

Information About Credit Cards

It is estimated that at least 18 of the 22 hardcoded keys allow attackers to use them to view sensitive data that belongs to customers. The researchers explained that this is based on their findings further in their report. A second report provided by the researchers states that seven API keys enable users to view and modify gift cards. In addition, six API keys allow a threat actor to steal information about payment accounts.  

As part of the sensitive data, collect name, email address, website address, country, address complete, phone number, and other information related to the shop owner is collected. The site also enables customers to access information regarding their past orders and their preferences for receiving emails.  

Regarding information on payment accounts, threat actors may be able to access details about banking transactions, like credit or debit cards used by customers to make purchases. These can be obtained by obtaining the BIN numbers of credit cards, the ending numbers of the cards, the name of the company that issued the cards, the IP addresses of browsers, the names on the cards, expiration dates, and other sensitive information. 

According to the researchers, one of the exposed API keys used by the shop provided shop details on authentication, hoping to show their point. 

Researchers have also pointed out that this is not a Shopify employee error but rather a widespread issue with app developers leaking API keys and tokens to third parties.   

An e-commerce platform such as Shopify enables businesses of all sizes to easily create an online store and, in turn, sell their products online. It is estimated that there are more than four million websites with Shopify integration today, enabling both physical and digital purchases from their online shoppers.   

CloudSEK notified Shopify about their findings however, no response has yet been received from Shopify in response.   
Read more »
Subscribe to: Posts (Atom)