Online shops such as Amazon and eBay track many different types of metrics, one of the most important being “conversion rate”: how many of their visitors end up buying a product from the website.
They’ve discovered you can increase the conversion rate by remembering a customer’s payment data.
From a cybersecurity standpoint, however, this is risky business: if the online shop gets hacked, a huge amount of stored credit card data might be exposed, including yours.
Phishing is when an attacker misuses technology to trick someone into divulging sensitive information, such as usernames and passwords or credit card numbers. People often associate phishing with fraudulent email messages (think Nigerian prince scams), but phishing also reaches victims through web pages, documents, text messages, social media content, instant messaging, advertisements, and even phone calls.
- A phishing website lives, on average, for 15 hours. Cybercriminals take phishing websites down quickly so authorities can’t track them down.
- Attackers use safe websites to hide their phishing websites to keep their operations going.
- In 2016, cyber security researchers found over 400,000 phishing websites each month! That’s almost 5 million phishing websites in a year!
- Cybercriminals impersonated Google, PayPal, Yahoo and Apple the most this year, using them to manipulate users and trick them into revealing their confidential information.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed phishing emails. The following are the most important findings from this report:
Strengthening an organization’s anti-phishing strategy means moving beyond old techniques that use static phishing domain or URL lists to highly automated technologies based on sophisticated machine learning methods. These more advanced technologies can quickly check the characteristics and metadata for each requested webpage to look for signs of phishing, then report a score or rating that the organization can use to make automated decisions about allowing or denying access to the page. When phishing sites can appear and disappear in the length of a coffee break, highly automated machine learning solutions are the only way to prevent successful phishing attacks and the major data breaches they
A new Netflix phishing attack leverages fake emails from the streaming service to trick users into handing over their credit card credentials. The attack starts when a user receives an email from what appears to be Netflix warning them that they need to update their membership information. You can see that the sender email address, support@onlineorders[.]desk-mail[.]com, has nothing to do with Netflix. So it’s not surprising that clicking on the “Update” link leads somewhere other than the streaming service. In fact, it directs the user to hxxp://see-all[.]norafix[.]com/, a location which immediately redirects them to the subdomain hxxp://account[.]norafix[.]com/ch/customer_center/customer-IDPP00C274/js/?country.x=&locale.x=en_.
That page prompts the user to enter their Netflix credentials, followed by their payment card details.
Once it’s succeeded in stealing that information, the scam confirms that the user’s account is now updated. It then provides them with a link to Netflix’s actual homepage.
So what happens then?
Well, the attacker could abuse the user’s stolen credentials to gain access to Netflix content for free. They could also leverage the credit card information to make fraudulent purchases. But they could also reuse the stolen login details in an attempt to gain access to some of the user’s other accounts.
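The mismatch described above (a message that claims to be Netflix but is sent from, and links to, unrelated domains) can be checked automatically and turned into a score. The following is an added example, not code from the original page, and it is a simple rule-based stand-in rather than a machine learning model. The allowlist, the weights, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately sends from and links to.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def refang(text):
    """Turn defanged indicators (hxxp, [.]) back into parseable form."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def registrable(host):
    """Naive registrable domain: last two labels (production: Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_message(raw):
    """Return (score, reasons); a higher score means more phishing signals."""
    msg = message_from_string(refang(raw))
    display, addr = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    sender_dom = registrable(addr.rpartition("@")[2])
    urls = URL_RE.findall(msg.get_payload())
    link_doms = {registrable(urlsplit(u).hostname or "") for u in urls} - {""}
    score, reasons = 0, []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        if sender_dom not in allowed:
            score += 2
            reasons.append(f"claims {brand}, sent from {sender_dom}")
        for dom in sorted(link_doms - allowed):
            score += 2
            reasons.append(f"claims {brand}, links to {dom}")
    if any(urlsplit(u).scheme == "http" for u in urls):
        score += 1
        reasons.append("link uses plain http")
    return score, reasons

# Constructed samples; only the sender address and first URL come from the page.
PHISH = ("From: Netflix <support@onlineorders[.]desk-mail[.]com>\n"
         "Subject: Update your membership information\n\n"
         "Update: hxxp://see-all[.]norafix[.]com/\n")
LEGIT = ("From: Netflix <info@mailer.netflix.com>\n"
         "Subject: Your Netflix receipt\n\n"
         "Manage your account: https://www.netflix.com/account\n")
if __name__ == "__main__":
    print(score_message(PHISH), score_message(LEGIT))
```

A mail gateway could quarantine messages above a chosen threshold and log the reasons for analyst review.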
Before traveling, have you ever asked yourself what you should do if your card ends up stolen, damaged or lost?
And what if your bank doesn’t know that you have left the country, decides that your financial account is in danger and blocks your card?
These scenarios can happen to any one of us, so you need to be prepared.
Here are a few starting points:
- Contact the bank before leaving. Inform them of where you’re going, what countries you’ll be visiting and for how long.
- Keep their phone number at hand, in order to contact them immediately in case anything happens.
- Always have some cash with you. You never know when you might need it.