Online Security Tips for Black Friday, Cyber Monday

Consumers and retailers are entering one of the busiest shopping periods of the year. The holidays bring more than shoppers, however; they also bring cyber-criminals. Here are some tips to think about when it comes to your business, or your approach to online shopping, for the season.

Consumers may have concerns about shopping online during the holidays, but that is not going to keep many of them away from their computers.

In a survey by Sunbelt Software, 90 percent of the more than 650 respondents said they plan to shop online, despite the fact that many (56 percent) were concerned about security. Sixty percent of the participants said they planned to do more shopping online this year than last.

But while the holidays may be a busy time of year for consumers and retailers, it is also a busy time for attackers. According to Consumer Reports, cyber-criminals have stolen about $8 billion from consumers in the past two years. In a survey by Tufin Technologies released at the Defcon conference held July 30 to Aug. 2 in Las Vegas, 81 percent of the hackers surveyed said they were "far more active" during the winter holidays than during the summer. Fifty-six percent named Christmas as the best time to engage in corporate hacking, while 25 percent named New Year's Eve.

"Black Friday and Cyber Monday mark the beginning of the busiest time of the year for consumers, retailers, and cyber-criminals," Sunbelt Software CEO Alex Eckelberry said in a statement. "Cyber-criminals feast on the fact that consumers are increasingly participating in e-commerce and online social networking with machines that are unprotected against the latest threats."

For businesses, that means being ready for an increase in activity. In an eWEEK Knowledge Center article, Mark Sarbiewski, senior director of products at HP Software, advised businesses to test for security vulnerabilities and validate all user input to prevent common attacks such as SQL injection or cross-site scripting. He also recommended that businesses make sure credit card information and other private customer data is encrypted, and urged companies to analyze traffic patterns so they can prepare for an explosion of activity.

As for online shoppers, SonicWall in a Nov. 23 news release advised a number of precautions:

"1. Online Purchases: Online transactions not only increase, they are also likely to be with vendors (i.e. retailers, shippers, etc.) you do not deal with often. If you receive an email that your "Credit Card was Denied" the best course of action is to contact the vendor directly using a phone number or email address you obtained from their website - not the rejection email. Also, type in the URL of the vendor into your browser. Do not click on a link in the email itself.2. Greeting Cards: Millions of e-greeting cards will be sent this holiday-some of them will be scams. When you open such messages, they may want you to download a program, codec, or other "code" to see a picture. Before you do anything, stop right there. Contact the sender through some other means and find out if the card is real before you proceed. Also, consider using alternative methods for greetings like using photo sharing service to share pictures.3. Strange Searches: The holiday season brings web searches for "dog knickers" and other less typical items and the list of web sites may be less than familiar. Following a "Christmas" search result can take consumers to a web site hosting malware. If you click on a search link and you are asked to download anything to continue to that site, stop the search immediately. If you arrive at the site and you are asked to download a "plug-in," don't. If you think the site could be legitimate then go to the web site of the plug-in vendor (Adobe, Microsoft, etc) and download the plug-in from there. Then go back to the original site and see what happens."

"This holiday season, online consumers should be wary of any e-mail or social interaction that looks suspicious," SonicWall Product Manager Andrew Klein said.

"When shopping online, know how the online merchant communicates, especially in case of shipping delays and credit card matters," Klein added. "Assume that e-mail that either directly asks or indirectly asks for your account, financial or identity information is fraudulent. Lastly, double-check your credit card statement-especially in January-for incorrect expenses. With these simple steps, consumers have a baseline for protection."