Sat | Dec 14, 2019

Growth & Jobs | ‘Don’t invite cyberattackers under your Christmas tree’

Published:Tuesday | December 3, 2019 | 12:19 AM
Colin Burgess, IT infrastructure manager at MC Systems.

Twenty-three-year-old Abena McDonald has already written her Christmas shopping list and will be making her purchases online to avoid the holiday rush or last-minute shopping.

McDonald is the typical millennial who gravitates towards online shopping. For her, the benefits of shopping online far outweigh conventional shopping, as she is able to get attractive deals and quality merchandise.

However, Colin Burgess, IT infrastructure manager at MC Systems, an affiliate of the non-financial arm of The Jamaica National Group, warned consumers that they should be even more cautious when shopping online, especially during the Christmas season, as cyberattacks tend to spike during the period.

“Consumers can fall prey to these cyberattacks, especially if the attackers disguise themselves as a trustworthy friend or a familiar entity, and acquire sensitive information,” informed Burgess.

He said that this form of cyber-attack accounts for a 91 per cent success rate. “Be on your guard. Only open emails, attachments and links from persons you know,” he added.

The IT infrastructure manager stated that everything does not appear as it seems, because it has become easier to steal the logos and letterheads of established organisations and make emails appear to be legitimate.

“Pay attention to a website’s URL. Hover over any links to see where they lead. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly,” he advised.

Burgess said that consumers should not reveal personal or financial information in emails, SMS text messages, or over the phone. He added that antivirus software should be updated regularly.

He advised consumers to be cautious about who they share their credit card details with, and think carefully before buying anything from a website that doesn’t look authentic. Avoid websites that don’t offer the use of a secure payment facility, such as PayPal, he added.

Additionally, be aware of the potential risks of using online payment services that require your credit card details. If they were hacked, or had their database otherwise accessed by someone who is up to no good, it could result in you becoming a victim to credit card fraud.

Burgess also noted that attackers use information from social-media platforms to acquire personal information to launch an attack. He said it is important that limited information be posted about you on these platforms, including your emails and your workplace.


- Do not click links in emails.If an organisation, such as your bank, sends you a link, launch your browser and go directly to the bank’s site, instead of clicking on the link itself. You can also check the destination of a link by hovering your mouse over it. If the URL does not match the link’s anchor text, or the email’s stated destination, there is a possibility that it could be malicious.

Burgess said that many spear-phishing attackers will try to obfuscate link destinations by using anchor text, which seems to be a legitimate URL.

- Shopping on a smartphone? Use a retailer’s app. You may be even more vulnerable to some basic scams. Since URLs are harder to view on a small screen, you could be tricked by the explosion of tricky newer top-level domains, such as family or club. Stick to the official apps on your device and you won’t have to worry about checking those web addresses.

- Use one browser for all transactions. It doesn’t matter if it’s Chrome, Firefox, Edge, Opera or Safari. Pick one browser and only use it for anything that involves shopping, banking or checking your financial accounts. And don’t touch it for anything else –especially social media.