DNSC warns of online shopping pitfalls

The National Cyber Security Directorate (DNSC) warns of the dangers in the context of the increase in online transactions during the holidays, when attackers exploit the hunting for promotions, online contests, gift purchases, hotel reservations or airline tickets. They send links to fake sites, from where the victims' sensitive data is stolen. According to DNSC: "In the context of the increase in online transactions during the holidays, attackers adapt fraudulent scenarios to exploit user behaviors, such as hunting for promotions, online contests, gift purchases, hotel reservations or airline tickets. These tactics include the use of links that redirect to fake sites, clone sites that look similar to legitimate ones at first glance, but are specifically created to steal authentication data and other sensitive information from potential victims."

Experts warn that, in order to convince users to access these sites, attackers use newly created or compromised social media pages to launch fraudulent posts or advertisements that promise "incredible discounts", "unrefuseable offers" or "guaranteed prizes". "Of course, these offers are just social engineering techniques designed to excite and distract users, convincing them to quickly enter their sensitive data, especially card data, on a site controlled by attackers", the experts also said. They explain how to protect against such behaviors: "We avoid accessing links from unknown or dubious sources, especially from sponsored or recommended posts on social media! It is advisable to always use a security solution to scan them when we have suspicions. We check for the existence of a contest or promotion on the official channels of the company in whose name the campaign is being carried out. We check the date the page that is spreading the fraud was created. Fraudulent pages are usually created recently." Shopping is no longer as simple as we thought.