Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:33 PM
Dark Reading
Dark Reading
Products and Releases

Consumer Awareness, SSL Digital Certificates Offer Protection Against Holiday Online Scams, Says Security Expert

Entrust provides five tips to ensure consumers have a safe online shopping season

DALLAS, Nov. 19, 2012 /PRNewswire/ -- The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars spent by online shoppers on Black Friday increased 26% last year and the total amount spent on online purchases during Cyber Monday increased 22%.

Entrust Inc., a global leader in securing online identities and information, provides consumers the tools necessary to protect their information when shopping online.

"Scammers and online phishers see one thing when it comes to the holidays -- more consumers sharing their information online to steal," said Entrust President and CEO Bill Conner. "As consumers have moved to using mobile devices and conducting transactions online, the number of breaches and hacks has increased. Malware that can infect your computer and take your credit card information is easily hidden in fake emails and pop-up ads. However, simple awareness can be one of the biggest obstacles to cybercriminals stealing your information."

Hackers are inventing new ways to infiltrate websites with the intention to do harm, such as taking credit card information and passwords. While stealing a password may not seem that harmful, consumers often use the same password for multiple sites, giving hackers the opportunity to log into a bank or credit card site. The following tips can help consumers guard against online threats.

1. Holiday-Themed Scams: During this time of year, online users see an influx

of e-Greeting cards, requests for online donations to charities, pop-ups,

fake chat requests, spam emails and online advertisements. If an online

user interacts with one of the many clever social engineering techniques,

they may expose themselves to viruses or malware. Especially around the

holidays, it's a good rule of thumb to stick to websites and online

retailers you know and trust.

2. Green and Gold: Online retailers working to create a secure environment for

shoppers often deploy advanced EV SSL, which turns most browsers' address

bars green to show the website and transaction is secure. EV SSL is the

highest level of security on the Web today. Additionally, one of the main

security features consumers should always look for is the gold padlock

within their browser. Especially during the checkout process or when

supplying personal information, shoppers should only proceed if a green

address bar or gold padlock is present.

3. Three Secret Digits: Most online retailers will require the three-digit

Card Verification Value (CVV or CV2) number from the back of your credit

card. If they don't, this could be a red flag and consumers should think

twice about completing the purchase.

4. Update Browser and Security Software: Those reminder pop-ups you receive

may seem like an annoyance; however, these are sent for a reason. Many

browsers and security vendors update the technology based on specific

malware and/or viruses, and those updates are extremely important to guard

against those particular threats. The newer browsers also feature more

advanced anti-phishing tools (e.g., EV SSL) than older browsers. As a

result, it is wise to be diligent about regularly updating software.

5. Look for HTTPS: More commonly known as SSL, an https Web address helps

ensure Internet transmissions are encrypted and the identity of the

organization has been verified. Consumers can verify if a site uses SSL via

the "https://" in the address bar instead of the standard "http" format.

About Entrust

A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust's award-winning software authentication platforms manage today's most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email [email protected] or visit www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-08-02
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.
PUBLISHED: 2021-08-02
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
PUBLISHED: 2021-08-02
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled valu...
PUBLISHED: 2021-08-02
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for v...
PUBLISHED: 2021-08-01
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the c...