Cyber Monday Shoppers and Retailers Beware of Scams and Attacks

 Cyber Monday Shoppers and Retailers Beware of Scams and Attacks

December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe, approximately €565 million was spent on this day. This year, experts believe that Cyber Monday sales will grow by 13.1 percent as consumers increasingly move from buying presents in bricks-and-mortar stores to shopping online.

 

However, considering the hype surrounding Cyber Monday and the expected traffic on ecommerce sites on this date, there could be a chance that attackers will take advantage of the day to target both consumers and retailers. According to a recent study from RSA Security and the Ponemon Institute, 64 percent of retail-focused IT professionals have seen an increase in attacks and fraud attempts during high traffic days such as Cyber Monday. But just one third of these IT professionals take special precautions to ensure high availability and integrity of websites on these days. Worse still, the estimated direct cost of a cyberattack around the holiday season is believed to be US$8,000 a minute. 

 

Attacks against retailers

There are several ways that attackers could target retailers and consumers during Cyber Monday. Identity theft is one possible threat and it has plagued many stores and customers in recent years. The increased traffic on Cyber Monday could entice attackers to target vulnerabilities in retailers’ infrastructure in order to plant malware that could steal consumers’ information. Our recent research found that 53 percent of the websites scanned by Symantec contained unpatched and potentially exploitable vulnerabilities. 

 

Another possible threat to businesses on Cyber Monday could be distributed denial-of-service (DDoS) attacks. Many retailers have already experienced the effects of such attacks. In 2012, among the UK firms that were hit with DDoS attacks, 43 percent were in the retail sector. Cyber Monday could prove to be an attractive date for attackers targeting retailers with DDoS attacks. Attackers have been known to undertake DDoS attacks on dates of significance, as they are aware that their efforts will get noticed if they attack on high traffic days such as Cyber Monday. Attackers could also use DDoS attacks to distract Web administrators from other malicious activities that they could be carrying out elsewhere. DDoS attacks have been occurring more frequently, as there has been a reported 54 percent increase in attacks in the second quarter of the year. 

 

End users

Of course, retailers aren’t the only ones who should protect themselves this Cyber Monday. Consumers should also make sure that they shop safely online. This year, analysts expect that more consumers than ever will be searching for deals through their mobile device. Marketing research firm eMarketer believes that mobile commerce will generate US$41.68 billion of the total US$262.3 billion in ecommerce sales for the year, representing a 68.2 percent increase in mobile commerce sales from 2012. However, the recent 2013 Norton report showed that while 38 percent of smartphone users experienced mobile cybercrime in the past 12 months, almost half of mobile device owners didn’t implement basic protections such as passwords, security software or data backups. Even though some consumers may opt to shop on their mobile device rather than their computer, they could still be vulnerable to the threat of cybercrime.

 

Scammers will still be relying on more well established techniques to target both businesses and consumers this Cyber Monday. Symantec has found a recent spam campaign that tells the email’s recipient that they need to prepare for Cyber Monday if they want to make money from it. The email also includes two links claiming to offer advice on how to take advantage of the day. These links redirect users to a spam Web page that includes a video to trick users into thinking the page is genuine.

 

Figure. Spam email claiming that the message’s recipient can make money from Cyber Monday

 

Stay protected

Consumers and retailers should heed the following advice to stay safe this Cyber Monday.

• Web administrators should ensure that any potential infrastructure vulnerabilities are plugged before Cyber Monday in order to prevent attackers from taking advantage of these flaws. They should also monitor network traffic for any suspicious activity.
• Retailers should ensure that their employees are trained to understand the risks associated with social engineering attacks that are designed to breach their companies’ systems, which could affect consumers. Similarly, other companies should also train their staff to be aware of phishing scams around this day, in case employees decide to shop online from their work computers. 
• Consumers should use the latest version of their Internet browsers to shop online and should ensure that their software, including antivirus software, is up-to-date. Symantec offers consumers the latest Norton solutions for both computers and mobile devices.
• Customers should only purchase goods through reputable online retailers and should check if the website that they’re shopping on is secured through Secure Sockets Layer (SSL). They can tell if the site is secured in this way if the URL includes “https” rather than just “http”. Consumers should avoid inputting financial information on sites without this protection.
• Users should always avoid clicking on links in unsolicited emails, especially if they offer deals that seem too good to be true. They should always check legitimate retailers’ official websites to see what deals are on offer. Users should also never send sensitive financial information through email.
• Consumers should monitor their bank or credit card activity over the holiday season and report any suspicious purchases or unauthorized money transfers.

 

Cyber-Harassment: What the Online Community Can Do to Stop the Trolls

Cyber-Harassment: What the Online Community Can Do to Stop the Trolls

The Internet is a bountiful source of information, commerce, entertainment and enlightenment. We share stories and pictures online. We cheer up our friends with encouraging messages. We read the news and share our opinions about the issues of the day. We watch funny videos and search for jobs, mates and rare copies of Ramones albums. Cyberspace is no longer a science fiction concept, but an alternate universe that exists in our reality, one that we can tap into at any time, from anywhere. 

It is a wondrous place.

However, as in the real world, you'll also find the corrupt and depraved. Thieves will try to steal your identity. Con artists will attempt to rob you of your affection and cash. And trolls will ambush you, intent on harming your sanity, your self-worth and your reputation.

Over the course of my 22 years in journalism, I have been threatened numerous times. Sometimes the subjects of my stories didn't like having their misdeeds aired to the public, and so they lashed out. Sometimes, the people involved were just nuts.

I once wrote a story about an assistant fire chief who got caught driving drunk. A day later, an unidentified man left a message on my answering machine saying that if I ever have a fire at my house, don't bother calling the fire department because they wouldn't come. 

A man who was charged with sexually assaulting a woman in her dorm room once vowed to hunt me down and rape me "til I bled to death" because I had the temerity to write about the case. If only these comments could have been used at trial; it might have changed the outcome. Unfortunately, he was later acquitted because the judge said sex without a woman's consent was not rape unless the attacker used force or the threat of force. Apparently, begging him to stop the assault was not enough.

One man was so incensed about the fact that a story on Lady Gaga had appeared on the front page of a website where I worked that he emailed and said he wanted the U.S. government to kidnap me, throw me in Guantanamo, torture me for 10 years and then dump my body on my parents' lawn. I wasn't even the person who published the innocuous profile.

More recently, I have been cyber-harassed, and it wasn't in response to anything I had actually written or said. Instead, someone created a fake profile bearing a stranger's name and used that account to post horrible anti-Semitic comments online. Then someone apparently stole a picture from my Website and digitally added it to displays of those comments, implying that the comments came from me. Some trolls then took to their blog and to Twitter to write about it. The sum effect of all of this slandered my reputation as a journalist by alleging that I was a bigot and a coward. Such lies not only defame my character, but my employers' as well. 

People of all ages, races, religions and nationalities are considered possible marks for trolls, but female journalists are a popular target. Why just in the past month, several female journalists have been threatened with bomb attacks online. Imagine logging onto one of your favorite micro blogging sites and seeing this:

"A BOMB HAS BEEN PLACED OUTSIDE YOUR HOME. IT WILL GO OFF AT EXACTLY 10.47PM ON A TIMER AND TRIGGER DESTROYING EVERYTHING."

So how are we, the innocent parties, supposed to respond to these despicable actions? Here is some of the advice I've received:

"Don't feed the trolls. Just ignore them. They'll go away."

"You need to develop a tougher skin. It's the Internet after all."

And my personal favorite, "Well, that's the price of fame."

Basically, don't feed the egos of the attention-starved people who use the Internet to (often anonymously) defame, harass and frighten. Or worse, accept that this is how the world should work instead of trying to change it.

To which, I call bullshit.

I would not tolerate such behavior in person, and I am certainly not about to do so online. Thankfully, I'm not the only one who feels this way. Others have also decided to fight back. 

Emma Barnett, women's editor for the Telegraph in London, tried to ignore the bomb threat she received by meeting with friends at a local pub. It was, after all, just one of many online attacks she has experienced on Twitter and on her articles for years. Barnett was also reticent to contact the police because she didn't have much faith in their understanding of the problem. Barnett eventually decided to share her story online in order to launch a conversation about the best ways to deal with such abuse.

Caroline Criado-Perez is a freelance writer and feminist campaigner who successfully lobbied the Bank of England to feature a female face (other than the Queen's) on British bank notes. For this, she received numerous online threats of rape and murder. Examples include: "Wouldn't mind tying this bitch to my stove. Hey sweetheart -- give me a shout when you're ready to be put in your place" and "Everyone report @CriadoPerez for rape and murder threats and also being a cunt #malemasterrace."

Criado-Perez could have ignored these comments and hoped that none of the threats were serious. Instead she and other Twitter users began adding the hashtag #SHOUTINGBACK to their tweets. She also wrote a brilliant essay on the topic in which she talks about how difficult it is for people to openly discuss the issue of cyber-harassment.

"I am making people uncomfortable. If I continue to 'feed the trolls,' I deserve all I get. Never mind that ignoring or blocking only results in new accounts being set up -- or the trolls simply finding a new victim. Never mind that my 'trolls' are trying to shut me up. Never mind: take this awkward truth away," Criado-Perez wrote.

After learning about Criado-Perez's story, Kim Graham took to Change.org to lobby Twitter into installing a "report abuse" button on all tweets. 

"Abuse on Twitter is common; sadly too common. And it frequently goes ignored. We need Twitter to recognise that it's current reporting system is below required standards," she wrote. To date, more than 135,000 people have signed the petition. 

Catherine Mayer, TIME's Europe editor, has often been on the receiving end of sexist comments and cyber-bullying. But when she became the target of a bomb threat on Twitter and found out other female journalists had been victimized, she contacted police.

"I think this is something that is never properly taken into account. People always say of individual incidents, 'that's not very serious is it? Don't let it bother you,'" Mayer said. "But it's the accretion of all of these incidents of low level abuse that matter, and that's very true of female journalists. Both in the virtual world, and the real world, we encounter throughout our working lives low level abuse and low level harassment all the time."

Hadley Freeman, a columnist for the Guardian who recently received a bomb threat online, reported it to the police and then took to her column to discuss the problem of trolls.

"It doesn't matter if you think you are fighting the feminist cause by railing at newspaper columnists who you believe are insufficiently feminist, covertly racist, blatantly transphobic or anything else. Abusing people is not a good way to get anyone to consider your complaints seriously. As Helen Lewis wrote in the New Statesman last week, 'Being a dick to people on Twitter is not activism. Hashtag truesay,'" Freeman wrote.

Think Progress reporter Alyssa Rosenberg has tweeted the full names and institutional affiliations of trolls under the #ThreatoftheDay hashtag. "Threaten me," Rosenberg wrote, "and I will cheerfully do my part to make sure that when employers, potential dates, and your family Google you, they will find you expressing your desire to see a celebrity assault a blogger."

The Everyday Sexism Project seeks to expose the breadth of the problem by cataloguing the abuse women experience on a daily basis. Since British writer Laura Bates launched the site in 2012, it has received more than 25,000 stories about women being followed, humiliated and attacked (online and off).

The International News Safety Institute plans to study the issue as well, and will launch a global survey into violence against women journalists and the nature of the dangers they face in relation to their work, from physical threats to cyber-bulling. All women working in the news media are invited to participate. 

And then there's the unmasking option, which Gawker did in 2012 when it revealed that Michael Brutsch was actually the troll known as Violentacrez on Reddit. As writer Adrian Chen noted, "If you are capable of being offended, Brutsch has almost certainly done something that would offend you, then did his best to rub your face in it. His speciality is distributing images of scantily-clad underage girls, but as Violentacrez he also issued an unending fountain of racism, porn, gore, misogyny, incest, and exotic abominations yet unnamed, all on the sprawling online community Reddit. At the time I called Brutsch, his latest project was moderating a new section of Reddit where users posted covert photos they had taken of women in public, usually close-ups of their asses or breasts, for a voyeuristic sexual thrill." 

Brutsch was eventually fired from his real-world job after being outed.

Now as we all know female journalists aren't the only ones being targeted by trolls. There have been way too many stories in the news about men using Craigslist to send strangers to rape ex-girlfriends, ex-employees trying get back at their former bosses by publishing defamatory comments and subscribing them to porn sites/magazines, and teens posting vicious rumors and lies about fellow students. The devastation felt by these victims is incalculable, and in some cases even led to suicide. 

This type of behavior has to stop.

In recent years, politicians and law enforcement have stepped up efforts to combat the thieves and con artists. They've passed safety measures to battle against fraud, and created avenues for cybercrime victims to file complaints. Yet when it comes to trolls, there is generally little legal recourse. Victims can document the threats and defamatory comments, but that does not stop the abusers nor does it keep them from attacking others. So what else can we, as citizens of the Internet, do to end such atrocious behavior? 

* Education is key to changing attitudes and making clear that the denigration of women and violence against them are unacceptable, Vivienne Hayes, chief executive of the Women's Resource Centre, told CNN. "I hope the horrendous level of this kind of trolling is going to push this issue into the forefront" and prompt government action.

* Freedom of speech has its limits, and people need to learn what they are. You can't yell "fire" in a crowded theatre. You can't threaten violence with the intent of putting someone at risk for bodily harm or death. You do not have a constitutional right to tell lies that damage or defame the reputation of a person or organization.

* If you see something, say something. Don't allow trolls to take over your blogs or social media feeds. If you spy terrible comments, delete them. If the abusers continue to spew their hatred at you, ban their IP address. And if you notice that trolls are attacking someone else, don't ignore the problem. Stand up for the victim and make it clear that such cruelty is not acceptable under any circumstances.

* Internet providers and Website administrators must be more proactive against threatening and defamatory speech. Earlier this month, Twitter announced that it would create an "in-tweet" report button and roll it out to all platforms. This is an excellent start. Hiring moderators, banning users who abuse others, blocking anonymous users and sharing threats with authorities would be a great second step.

* Train the police. Many departments are becoming savvy social media users, as evidenced by the official usage of Twitter and Facebook and Instagram and Google+ to share Amber Alerts and BOLOs. But officers also need to learn how to deal with cases of cyber-bullying, cyber-stalking and cyber-scams.

* Arrest the perpetrators. Police in England did just that last month, in response to online threats made against Criado-Perez and politician Stella Creasy. Perhaps a bit of jail time will make trolls think twice before typing out another online threat.

* Lastly, the Internet community must discuss this issue, and create clear and helpful guidelines for victims of online abuse.

No one should have to suffer in silence.