11/19/2012
12:33 PM
Dark Reading
Products and Releases

Consumer Awareness, SSL Digital Certificates Offer Protection Against Holiday Online Scams, Says Security Expert

Entrust provides five tips to ensure consumers have a safe online shopping season

DALLAS, Nov. 19, 2012 /PRNewswire/ -- The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars spent by online shoppers on Black Friday increased 26% last year and the total amount spent on online purchases during Cyber Monday increased 22%.

Entrust Inc., a global leader in securing online identities and information, provides consumers the tools necessary to protect their information when shopping online.

"Scammers and online phishers see one thing when it comes to the holidays -- more consumers sharing their information online to steal," said Entrust President and CEO Bill Conner. "As consumers have moved to using mobile devices and conducting transactions online, the number of breaches and hacks has increased. Malware that can infect your computer and take your credit card information is easily hidden in fake emails and pop-up ads. However, simple awareness can be one of the biggest obstacles to cybercriminals stealing your information."

Hackers are inventing new ways to infiltrate websites with the intention to do harm, such as taking credit card information and passwords. While stealing a password may not seem that harmful, consumers often use the same password for multiple sites, giving hackers the opportunity to log into a bank or credit card site. The following tips can help consumers guard against online threats.

1. Holiday-Themed Scams: During this time of year, online users see an influx of e-Greeting cards, requests for online donations to charities, pop-ups, fake chat requests, spam emails and online advertisements. If an online user interacts with one of the many clever social engineering techniques, they may expose themselves to viruses or malware. Especially around the holidays, it's a good rule of thumb to stick to websites and online retailers you know and trust.

2. Green and Gold: Online retailers working to create a secure environment for shoppers often deploy advanced EV SSL, which turns most browsers' address bars green to show the website and transaction is secure. EV SSL is the highest level of security on the Web today. Additionally, one of the main security features consumers should always look for is the gold padlock within their browser. Especially during the checkout process or when supplying personal information, shoppers should only proceed if a green address bar or gold padlock is present.

3. Three Secret Digits: Most online retailers will require the three-digit Card Verification Value (CVV or CV2) number from the back of your credit card. If they don't, this could be a red flag and consumers should think twice about completing the purchase.

4. Update Browser and Security Software: Those reminder pop-ups you receive may seem like an annoyance; however, these are sent for a reason. Many browsers and security vendors update the technology based on specific malware and/or viruses, and those updates are extremely important to guard against those particular threats. The newer browsers also feature more advanced anti-phishing tools (e.g., EV SSL) than older browsers. As a result, it is wise to be diligent about regularly updating software.

5. Look for HTTPS: More commonly known as SSL, an https Web address helps ensure Internet transmissions are encrypted and the identity of the organization has been verified. Consumers can verify if a site uses SSL via the "https://" in the address bar instead of the standard "http" format.

About Entrust

A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust's award-winning software authentication platforms manage today's most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.
