SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity experts urge caution as phishing attacks surge
Wed, 24th Nov 2021
FYI, this story is more than a year old

With Black Friday and Cyber Monday (November 30) approaching and the countdown to Christmas beginning, many New Zealanders will be getting ready to start their online present shopping to bag a bargain. Unfortunately, online shopping scams are expected to rise leading into the shopping season.

According to Cert NZ, phishing was one of the highest incident categories from October to December last year, with 41% of all reports about phishing and credential harvesting.

In the lead up to Christmas, Avast is warning New Zealanders to look out for more online shopping and phishing scams, including email and SMS phishing scams offering shopping deals and delivery details, and fake shopping websites.

“The internet is filled with amazing offers around this time of the year and people are often focused on getting the best price for the products they're after," says Stephen Kho, cybersecurity expert at Avast .

"As a result, they spend less time researching the seller, which is where cybercriminals can take advantage with fake shopping websites similar to actual shopping destinations," he says.

“While shopping lists may be long, and the Black Friday and Cyber Monday deals may be appealing, we urge New Zealanders to slow down and remain vigilant around what sites they shop on and share their financial information with.

Recent Avast research found that nearly a quarter of (23%) New Zealanders have experienced an online shopping scam, and 6% confirm that they have been a victim. Close to 1 in 5 (18%) have also admitted to saving payment details on shopping websites that they frequently use, which is a security risk if the website is fake.

“You should also be careful of email and SMS phishing scams with fake shopping deals or fake package delivery information," says Kho.

"These scams often include malicious links that get you to make an online payment, spread malware, or aim to steal your personal data, like the FluBot SMS scams that have been rampant in New Zealand recently."

“When shopping online, just remember to check the source, don't click on links if you are not sure of the destination and don't save your payment information.

To help New Zealanders have a safe online shopping experience this holiday sales season, Avast has shared their top tips:

Watch out for fake apps and always go ‘official' – This is important for both apps and websites. For apps, only download apps from official app stores such as the Apple App Store or the Google Play Store. When it comes to websites, always type the URL into the address bar so you know you are on the official page. Note that almost all official sites will use ‘https' to ensure an encrypted connection between the retailer and consumer.

Avoid phishing scams – Look at every deal-themed email in your inbox with a suspicious eye, and never click on links inside them as they could lead to an email phishing scam. Instead, if you see something in an email that is enticing, follow tip 1 and type the URL into a web browser yourself.

Do not store payment info – As you visit site after site, and as you make purchase after purchase, you will be peppered with requests to start new accounts and save your credit card info. We strongly suggest you deny these requests, particularly during holiday shopping. You want to share, save, and store as little personal info as possible on the internet.

Put a layer between your credit card and scammers – Third-party payment services such as PayPal, Apple Pay and Google Pay can give you an extra layer of protection, if you want the best assurance. These virtual payment services can also be very handy on mobile sites. However, remember to only shop from your home or cell network, never on public Wi-Fi so you can protect your sensitive information, like passwords, from being stolen.

Stay anonymous – When you use a VPN such as the one in Avast One, you cruise the cyber highway in a rental car with tinted windows. It's an encrypted connection that hides your IP address and keeps predators from seeing any personal data about you, which prevents them from profiling you. Your login credentials, your banking details, and your identity stay protected. But make sure you select your preferred country in the VPN application, so the website displays the currency you want to use.

Compare prices – Before you hit the digital checkout line, open a new tab and look up that same item in other stores to see if the price is similar. If you haven't heard of the brand before, look up comparable products by leading brands to see if the prices are similar. If your item is drastically lower than the others, you need to wonder why. If a deal seems too good to be true, it probably is.