Sales 2022: Watch out for new online scams


Bargain season is also synonymous with online scams, and cybercriminals are rubbing their hands. With the sales starting this Wednesday, January 12, Internet users will need to stay vigilant.

Last November, the cybersecurity company Kaspersky noted a 208% increase in online payment fraud in the run-up to Black Friday, another major annual event for merchants. Spam and phishing attempts are still the most common attacks used by hackers to steal or misappropriate bank details in order to make online purchases. But other types of attacks are also widespread.

SIM swapping on the rise

While two-factor authentication is required today when making an online purchase with your bank card, cybercriminals have developed new techniques to bypass this new barrier. SIM swapping is one of them.

This consists of taking over your phone number by obtaining a new SIM card, most of the time from your operator. The attacker contacts the operator and requests a new card while posing as the target, having first gathered personal information (name, date of birth …), which is easy to find on the Internet and social networks, in order to impersonate them. Often, the perpetrator of a SIM swap also has the victim's banking information, which he was able to obtain on the dark web. All he then has to do is place an order while posing as the victim and complete the two-factor authentication step, which would rely, for example, on a code sent by SMS.

“This type of attack is however still weak in France where smartphones are still little used to make mobile payments, unlike the United States for example”, Laurent Nezot, sales director France at Yubico, a specialist in the field of cybersecurity, explains to CNEWS.

Deep voices emerge

Other scams are also in use, such as attacks based on deep voices. Inspired by deepfakes (which can use a person's image to produce a fake or parody video, for example), deep voices are used by criminals to imitate a person’s voice in order to make payments or bank transfers by telephone. Still little used, they belong to the category of emerging scams, and 2022 could see transfers or online purchases based on this technology.

“There is a sophistication in the existing attacks. As is the case with voice calls. The attack can be done in a computer way as well as with a human approach with a lot of social engineering upstream, where the criminal will seek information to get to know you well on social networks and the Internet in order to pretend to be you”, warns Laurent Nezot.

Fake e-commerce websites

Fake online sales sites are on the increase during this period, and they use many strategies to attract customers: imitation of legitimate sites, e-mail campaigns (phishing), promises of very good deals … To avoid unpleasant surprises, favor the best-known sites. But be careful: never go to sites through links sent to your mailbox, as these can sometimes lead to sites that want to obtain your username and password. Instead, type the address of the site directly and manually into the address bar of your browser.

If in doubt, you can search the Internet by typing “scam” followed by the name of the site in question. Also check in the address bar that the site secures banking transactions: a small closed padlock icon appears next to the address.

Beware of sales that are too tempting

Phishing is the favorite method of cybercriminals during the sales. They send emails proposing unbeatable offers, or even “pop-ups”, encouraging you to click on a link. Avoid doing so if you are not absolutely sure of the sender, avoid downloading attachments and do not provide confidential information.

What solutions to protect your data?

In addition to the “digital hygiene” measures (check the URL of the site, beware of tempting offers, etc.) detailed in the points above, several solutions make it possible to protect your identity and your means of online payment. If you haven’t already done so, be sure to enable two-factor authentication for your personal mailbox. You can also create a dedicated e-mail address for making online purchases, in order to keep them separate from your personal details and any clues that might be contained in your main mailbox. Using a password generator is also worthwhile, to ensure that you do not always use the same password and to generate strong ones.

A higher level of security can also be reached by using an encrypted physical security key, which can contain your sensitive data and be connected to a computer (via the USB port) to identify you. These keys are generally compatible with the majority of the best-known online merchants, with high-level security protocols. “The hardware has the factor of ownership interest, because if someone doesn’t use my key, they can’t steal my data. This is a system that makes it possible to remain almost unassailable in addition to being a tool dedicated to strong authentication,” explains Laurent Nezot.


