Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/19/2012
12:33 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Consumer Awareness, SSL Digital Certificates Offer Protection Against Holiday Online Scams, Says Security Expert

Entrust provides five tips to ensure consumers have a safe online shopping season

DALLAS, Nov. 19, 2012 /PRNewswire/ -- The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars spent by online shoppers on Black Friday increased 26% last year and the total amount spent on online purchases during Cyber Monday increased 22%.

Entrust Inc., a global leader in securing online identities and information, provides consumers the tools necessary to protect their information when shopping online.

"Scammers and online phishers see one thing when it comes to the holidays -- more consumers sharing their information online to steal," said Entrust President and CEO Bill Conner. "As consumers have moved to using mobile devices and conducting transactions online, the number of breaches and hacks has increased. Malware that can infect your computer and take your credit card information is easily hidden in fake emails and pop-up ads. However, simple awareness can be one of the biggest obstacles to cybercriminals stealing your information."

Hackers are inventing new ways to infiltrate websites with the intention to do harm, such as taking credit card information and passwords. While stealing a password may not seem that harmful, consumers often use the same password for multiple sites, giving hackers the opportunity to log into a bank or credit card site. The following tips can help consumers guard against online threats.

1. Holiday-Themed Scams: During this time of year, online users see an influx

of e-Greeting cards, requests for online donations to charities, pop-ups,

fake chat requests, spam emails and online advertisements. If an online

user interacts with one of the many clever social engineering techniques,

they may expose themselves to viruses or malware. Especially around the

holidays, it's a good rule of thumb to stick to websites and online

retailers you know and trust.

2. Green and Gold: Online retailers working to create a secure environment for

shoppers often deploy advanced EV SSL, which turns most browsers' address

bars green to show the website and transaction is secure. EV SSL is the

highest level of security on the Web today. Additionally, one of the main

security features consumers should always look for is the gold padlock

within their browser. Especially during the checkout process or when

supplying personal information, shoppers should only proceed if a green

address bar or gold padlock is present.

3. Three Secret Digits: Most online retailers will require the three-digit

Card Verification Value (CVV or CV2) number from the back of your credit

card. If they don't, this could be a red flag and consumers should think

twice about completing the purchase.

4. Update Browser and Security Software: Those reminder pop-ups you receive

may seem like an annoyance; however, these are sent for a reason. Many

browsers and security vendors update the technology based on specific

malware and/or viruses, and those updates are extremely important to guard

against those particular threats. The newer browsers also feature more

advanced anti-phishing tools (e.g., EV SSL) than older browsers. As a

result, it is wise to be diligent about regularly updating software.

5. Look for HTTPS: More commonly known as SSL, an https Web address helps

ensure Internet transmissions are encrypted and the identity of the

organization has been verified. Consumers can verify if a site uses SSL via

the "https://" in the address bar instead of the standard "http" format.

About Entrust

A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust's award-winning software authentication platforms manage today's most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email [email protected] or visit www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35419
PUBLISHED: 2021-04-14
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2021-28060
PUBLISHED: 2021-04-14
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28825
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with l...
CVE-2021-28826
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker wi...
CVE-2021-28855
PUBLISHED: 2021-04-14
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).