Endpoint
11/19/2012
12:33 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Consumer Awareness, SSL Digital Certificates Offer Protection Against Holiday Online Scams, Says Security Expert

Entrust provides five tips to ensure consumers have a safe online shopping season

DALLAS, Nov. 19, 2012 /PRNewswire/ -- The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars spent by online shoppers on Black Friday increased 26% last year and the total amount spent on online purchases during Cyber Monday increased 22%.

Entrust Inc., a global leader in securing online identities and information, provides consumers the tools necessary to protect their information when shopping online.

"Scammers and online phishers see one thing when it comes to the holidays -- more consumers sharing their information online to steal," said Entrust President and CEO Bill Conner. "As consumers have moved to using mobile devices and conducting transactions online, the number of breaches and hacks has increased. Malware that can infect your computer and take your credit card information is easily hidden in fake emails and pop-up ads. However, simple awareness can be one of the biggest obstacles to cybercriminals stealing your information."

Hackers are inventing new ways to infiltrate websites with the intention to do harm, such as taking credit card information and passwords. While stealing a password may not seem that harmful, consumers often use the same password for multiple sites, giving hackers the opportunity to log into a bank or credit card site. The following tips can help consumers guard against online threats.

1. Holiday-Themed Scams: During this time of year, online users see an influx

of e-Greeting cards, requests for online donations to charities, pop-ups,

fake chat requests, spam emails and online advertisements. If an online

user interacts with one of the many clever social engineering techniques,

they may expose themselves to viruses or malware. Especially around the

holidays, it's a good rule of thumb to stick to websites and online

retailers you know and trust.

2. Green and Gold: Online retailers working to create a secure environment for

shoppers often deploy advanced EV SSL, which turns most browsers' address

bars green to show the website and transaction is secure. EV SSL is the

highest level of security on the Web today. Additionally, one of the main

security features consumers should always look for is the gold padlock

within their browser. Especially during the checkout process or when

supplying personal information, shoppers should only proceed if a green

address bar or gold padlock is present.

3. Three Secret Digits: Most online retailers will require the three-digit

Card Verification Value (CVV or CV2) number from the back of your credit

card. If they don't, this could be a red flag and consumers should think

twice about completing the purchase.

4. Update Browser and Security Software: Those reminder pop-ups you receive

may seem like an annoyance; however, these are sent for a reason. Many

browsers and security vendors update the technology based on specific

malware and/or viruses, and those updates are extremely important to guard

against those particular threats. The newer browsers also feature more

advanced anti-phishing tools (e.g., EV SSL) than older browsers. As a

result, it is wise to be diligent about regularly updating software.

5. Look for HTTPS: More commonly known as SSL, an https Web address helps

ensure Internet transmissions are encrypted and the identity of the

organization has been verified. Consumers can verify if a site uses SSL via

the "https://" in the address bar instead of the standard "http" format.

About Entrust

A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust's award-winning software authentication platforms manage today's most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web