According to Willem de Groot, security analyst for Byte.nl, almost 6000 online stores were hacked. Victims vary from car makers (Audi ZA) to government (NRSC, Malaysia) to fashion (Converse, Heels.com), to pop stars (Bjork) to NGOs (Science Museum, Washington Cathedral), the researcher said in a blog post. Hackers gain access to a store’s source code using unpatched software flaws in various popular e-commerce software. Once a store is under the control of a perpetrator, a (JavaScript) wiretap is installed that funnels live payment data to an off-shore collection server (mostly in Russia).
New cases could be stopped right away if store owners upgraded their software regularly. But this is costly and most merchants don’t bother. Some shop owners don’t seem to grasp the seriousness of these issues. When De Groot attempted to inform them about the compromises, he received responses like “We don’t care, our payments are handled by a 3rd party payment provider” and “Our shop is safe because we use https.”
Online store attacks are not a myth, and since some shop owners are indifferent to the issue, we have to take measures to protect ourselves. Here are some tips for safely shopping online from Telos.
Make sure your browser and apps are up-to-date. The developers may have added new security measures to the latest version.
Use strong passwords – weak passwords make it easy for hackers to break into your account and cause damage. Use a unique password for each site or account.
Avoid using public Wi-Fi while making online payments. Public Wi-Fi networks are common grounds for attackers who try to access your personal information.
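Make sure the URL in your internet browser starts with “HTTPS” or look for a lock. This is an industry standard required for any retailer that processes credit cards. Keep in mind that HTTPS protects the connection to the store, not the store itself: a shop whose code has been compromised can still serve the wiretap script over HTTPS.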
Do not log in on a shared computer. A shared computer is used by more people and is easier to attack.
Be more cautious during holidays. Criminals are more aware during the holiday shopping season because people are a little loose with their cash and are not watching as closely.
Use a different phone number from the one linked to your bank account to sign up. Most people have only one number and use that same number for their accounts on all websites and for their credit cards, which makes it easier for hackers to get their bank account and payment details.
Download Telos from App Store or Google Play for a FREE second phone number