Hyderabad: Online shopping addicts need to have their guards up in place. Shopping websites are amongst the top three categories of websites that are hacked or exploited by cyber attackers around the world.
Online shoppers are lured by tempting offers, major discounts and even freebies. Often shoppers give in to the temptation of checking out these fictitious offers and there in lie their doom.
According to Mr Kommera Chakradhar, MD of the city-based Unik Systems, which specialises in cyber security solutions, phishing links relating to shopping websites that are sent over mail are the problem creators.
“People click on the link and then enter into a fake site that is already breached. Typing identification and financial details on such sites land them in trouble. Such phishing links are even sent on SMSs over mobile phones. Even ads that flash or scroll on websites that we browse, are dangerously risky sometimes.”
If shopping websites are second on the list of malware penetrators, technology based websites are their absolute favourite. Blogging websites are on a happy third position.
For most people, these three categories occupy most of their net browsing time. But that doesn’t necessarily mean that business, health, education, entertainment, travel and gambling based websites are spared. According to data compiled by Symantec, a leading cyber security firm, all these categories are also targeted by the cyber attackers.
With the internet being the most prevalent way malware scammers reach their victims, it is no surprise that websites with malicious payloads are the most common methods used to tempt a victim into downloading harmful files.
According to cyber security expert Gurram Srinivas Reddy, there are multiple ways used by scammers to access the computers of online shoppers.
Malware injections using free software, apps and add-on tools, deceitful website downloads, malicious email attachment and links are a few methods used, with new discoveries being added each day.
As festivals draw close, scammers will take advantage of the surge in online shopping and will ready seemingly irresistible baits to lure online shoppers.
Emails are inboxed with delectable offers urging the reader to open a zipped file that often becomes the gateway for a dangerous malware to enter the computer.
“Apparently the e-mails seem as though they come from the shopping site where they have shopped. Sometimes the emails ask the reader to send their confirmation or order details.
“Others claim that the package was lost in transit and to resolve the problem they need to open the attachment”, said Mr Reddy.
To shop online one needs a bank account and scammers try to send messages like “Your bank card is blocked” or “Security issues with your bank account” or “Unusual activity on your bank card” in an attempt to make you open an attachment to try and resolve the problem, thus infecting your computer with malware.
Attackers use new tactics
With emails becoming the primary messenger to carry the malware, other web attacks dropped by 30 per cent in 2016. Breaching websites requires backend infrastructure and its’ regular maintenance. Email as the primary infection vector makes it so much simpler.
The threats have not reduced, attackers are now simply using different tactics to induce panic. But despite the drop in activity, Symantec, blocked roughly 2.29 lakh unique web attacks on computers every day in 2016, indicating that web attacks are still a major threat.
More than three-quarters of scanned websites in 2016 showed up their vulnerabilities, nine per cent of which were found to be critical.
A critical vulnerability is one which, if exploited by attackers, may allow malicious code to be run without user interaction, potentially resulting in a data breach that will further compromise data of visitors to the affected websites.
With cyber attackers using e-mail as primary infection vector to distribute malware, cyber security experts feel users and firms have to be more careful in opening links that are sent over mail.
Opening some of the unknown links and attachments might result in systems getting affected with viruses or data getting encrypted in case of serious attacks, they stated.
Cyber security expert Kommera Chakradhar said, “Malicious e-mail attachments and links can be sent to lakhs of users very easily as e-mail has become the means of communication in present times for private firms, government wings and individuals.”
Mr Chakradhar advised netizens to carefully check attachment links before opening them and also check if the note sent in the mail or the file name of the attachment is grammatically correct.
