With the Christmas festivities barely behind us, Chinese New Year decorations are already up across shopping malls and websites across Asia. Just like Christmas, annual e-commerce spending during this period reaches record heights, making it the perfect time for cybercriminals to exploit and deceive shoppers.
For anyone who is unfamiliar, one key difference during this holiday is of course the giving of little red envelopes (called hongbaos) containing money to family, friends and associates. While the practice is much loved by the young, it is less so by the not-so-young.
Thanks to China's wonder-app WeChat and many other remittance services, it's now becoming increasingly popular to send digital hongbaos. Since cybercriminals have already taken notice of this trend, fraudulent digital hongbaos have become one of the most widespread scams during this period.
Having clicked on an embedded link, unsuspecting users may end up on phishing pages that ask for sensitive financial details. Shenzhen Daily reported an incident where a man who received a rogue red envelope, filled out his banking credentials (account number and password) in an app downloaded from a linked-to website. Shortly afterwards, he discovered that almost $1,000 went missing from his bank account. Recipients of digital hongbaos should stay vigilant and refrain from disclosing their personal information, no matter how luring the gift may appear.
Cybercriminals also capitalise on Chinese New Year festivities by sending massive quantities of holiday-themed spam emails, sending booby-trapped files to numerous users. By opening these catchy email attachments, victims can unwittingly execute malicious payloads. This tactic is particularly used to spread file-encrypting ransomware that holds one's data hostage and extorts money in exchange for decryption.
Whilst there is no perfect solution for consumers to protect themselves online during the upcoming holiday period, here are some of the best practice tips to help protect yourself:
- Consider the reputation of the online store or app you are about to buy from. Have you heard of it before? Do you know anyone who has used it before? Remember, if something looks too good to be true, it usually is.
- When using a website, take a look at your browser and make sure your connection is SSL protected before inputting any private information. This SSL link ensures that all data passed between the web server and browsers remain private and integral. You can spot whether the website you are on is using an SSL connection by checking for the following:
- a. The padlock symbol appears in the address bar to show you that your connection to the server is secure. If this does not appear or if the padlock symbol is broken, then the page does not use SSL.
- b. The website owner's company name is displayed in the address bar, separately from the URL.
- c. The start of the URL changes from HTTP to HTTPS.
Sign up for Computerworld eNewsletters.