A Blackhat Xmas, What You Can Do To Be Safe

Posted by abefroman on Nov 22, 2010 6:52 AM EDT
PCI Compliant News; By Wayne C.
Mail this story
Print this story

Following Thanksgiving is Black Friday, which is followed by Small Business Saturday, and then comes Cyber Monday, the biggest day for online retailers. Just as you have pick pockets and shoplifters out in force starting on Black Friday, the hackers and spammers will be out in force on the Internet, preying on your ambition to find the best deals online. We are going to go over a few things you, as e-consumers, should be aware of; and if you are one of the millions of people who have an e-commerce web site, we have a few tips for you as well.

Following Thanksgiving is Black Friday, which is followed by Small Business Saturday, and then comes Cyber Monday, the biggest day for online retailers. Just as you have pick pockets and shoplifters out in force starting on Black Friday, the hackers and spammers will be out in force on the Internet, preying on your ambition to find the best deals online. We are going to go over a few things you, as e-consumers, should be aware of; and if you are one of the millions of people who have an e-commerce web site, we have a few tips for you as well.

Many online e-tailors do 80% of their business during the time from Cyber Monday through the weekend before Christmas, the hackers know this, and also know your customers are most vulnerable during this time, so they will be striking fast and hard in a number of ways. The first way, will be with spam emails, these are going to be more frequent, and with botnets more common and complex, they are going to be getting through a lot of the spam filters. With the increase in malware, its also important to have an up to date virus scanner. If you visit a site which was hacked, or receive an email from a spammer with embedded malware code, and you have an out of date anti-virus program, your computer can get infected, and allow a hacker to do, among other things, capture your keystrokes, including your credit card number. If you are waiting to see if you get the newest version of Norton as a Christmas gift, you’re better off going out and buying it as an early Xmas gift you for yourself.

When you get an email with an awesome good deal, you want to think twice before you click through and rush to enter in your credit card info, as this could possibly be a phishing site. Instead type the URL directly in your browser. The hackers also know that timing is everything, they are going to want to hit you with an email from the same site you just ordered from saying their was a problem with your credit card and you need to re-enter it. Or you are going to have a package that didn’t arrive and coincidentally get an email looking like its from UPS or FedEx saying you need to download the attachment. Emails that would have been ignored earlier in the year, will have a higher chance of being opened and clicked at this time of year. A safe way around this would be to type the URL of the site into your browser, and go to the “My Account” section and see from there what the actual status of your order is. On many sites they also let you track your order from there.

Terry Newbury of PenguinWebHosting.com states, “We have already seen an influx of spam email over the last 2 weeks, one spammer in particular tried to send over 1 million spams to just one of our IP’s. We have adjusted our spam filters for this and are monitoring our mail logs more closely to block some of the more notorious spammers.”

Now if you own an e-commerce site, what you want to do is ensure it is secure. The last thing you want is your customer’s credit card info to be compromised, if this were to happen you would likely be the unsought conversation at a number of holiday functions. Plus, if you do get hacked, your hosting company is likely to turn off your site because it is sending out spam, participating in a DDoS attack, or facilitating a phishing form. First, you want to update your software, if its a LAMP server, upgrade your Linux kernel, make sure Apache and PHP are up to date, install an updated mod_security rule set, etc. Second, remove any old software, if you installed a forum to test out, or tried a different shopping cart and then forgot about it, make sure you remove those now. Then upgrade any front end software you use, for example your shopping cart software, blog or forum if you have one, etc. Next, go ahead and run some security checks, especially if you had something out of date, for example use something like RKhunter, from http://rootkit.nl If your not familiar with how to do the above, contact your hosting provider for assistance, or look for a freelance system admin, with good feedback, on a place like Vworker.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: Red Hat

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.