Boost cybersecurity for safe holiday shopping

During the holiday shopping season, the digital marketplace attracts consumers with year-end festive sales. However, this period also sees an escalation in the risk of e-commerce scams. As reported by the Global Anti-Scam Alliance, the Philippines has seen the highest rate of e-shopping scams in Asia, with 35.9 percent of incidents. Consumers need to protect their online shopping this festive season by staying informed, using trusted cybersecurity defenses, and consistently verifying the authenticity of offers and transactions.

In an email interview, Oscar Visaya, country manager for the Philippines at Palo Alto Networks, shared strategies for consumers and sellers to mitigate shopping transaction scams.

Let’s Talk Social (LTS): What are the most common types of scams reported in Asia in 2023?

Oscar Visaya (Visaya): The Asian Scam 2023 Report highlighted the mainstream scams in the region, which span across shopping, identity theft, investment, and government/bank transactions, among others. While scammers explore different activities to attempt fraud, they often organize phishing attacks through email, social media and SMS platforms to prompt users to inadvertently install harmful software that may include viruses, spyware, trojans, or other malicious programs.

For consumers, this can look like an encounter with deceptive online ads or SMS/email promotions posing as an e-commerce platform. Meanwhile, e-commerce platforms are susceptible to the threat of Business Email Compromise (BEC) exploits. In this type of attack, perpetrators leverage unauthorized access to deceive employees, customers, or partners into making financial transfers or revealing sensitive information, typically through phishing methods. Threat actors then might craft urgent appeals for money transfers, modifications to payment details, or the disclosure of sensitive information to company stakeholders, including customers. These requests may appear authentic, as they emanate from seemingly trustworthy sources. In both scenarios, individuals and organizations are vulnerable to financial loss, data theft, privacy breaches and ransomware extortion.

LTS: How does the behavior of Filipino consumers during festive sales like 12.12 contribute to the increased risk of e-commerce scams, and what immediate steps can they take to minimize this risk?

Visaya: Shopping festivals in the Philippines, which are highly anticipated for enticing promotions and money-saving deals, make consumers susceptible to scams due to the allure of good deals. It is essential to think twice before clicking and not instantly believe any offers, deals, or prizes online without thoroughly assessing them. If it seems too good to be true, it probably is. Recently, Palo Alto Networks’ Unit 42 researchers saw a significant uptick in compromised servers dedicated to clickbait and advertising content since August this year. Cybercriminals are increasingly targeting these sites due to their wide-reaching audience. The susceptibility of clickbait-oriented websites to compromise is heightened by their dependence on outdated or unpatched software, leaving them vulnerable to exploitation.

With this trend, Palo Alto Networks advises robust cybersecurity measures: use reputable antivirus software and a reliable firewall, stay informed about online scams, be cautious of sensational offers, preview URLs before clicking, avoid suspicious links, and limit sharing personal information on public platforms for enhanced security.

LTS: In what ways can e-commerce platforms and businesses in the Philippines enhance their security measures to protect consumers from scams, especially during high-traffic shopping seasons?

Visaya: Considering the significant volume of traffic on e-commerce platforms, manual monitoring and analysis of potential threats would prove inadequate to handle the scale and complexity. These businesses have to assertively automate these processes through artificial intelligence (AI) and machine learning for efficiency and a stronger security posture.

LTS: Looking beyond immediate tactics, what long-term strategies should be implemented by businesses and government entities in the Philippines to build a more resilient digital shopping environment against scams?

Visaya: With phishing as the primary way for criminals to steal data in a BEC exploit, e-commerce platforms are highly encouraged to embrace a Zero Trust approach to security.

Zero Trust is a cybersecurity framework that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. This means that even if cybercriminals manage to acquire credentials from unsuspecting employees with the aim of financial exploitation, an organization’s security protocols would rigorously authenticate any user seeking access through methods like multi-factor authentication.

In securing sensitive data, robust encryption measures are crucial for both transit and storage. Regular security audits and prompt updates to address vulnerabilities are essential practices. Extending the principles of Zero Trust to third-party integrations, vendors and collaborative partners is critical, ensuring compliance with stringent security standards.

Lastly, e-commerce platforms should also prioritize cybersecurity training for employees, fostering a “never trust, always verify” mindset, particularly when handling sensitive information to thwart phishing attacks.

