My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation.
As we welcome the winter holidays, purchasing gifts online is expected to increase this year by 7 to 10 percent according to the National Retail Federation. This is a boon to the online retail community. It can also be a boon to data thieves.
As consumers wander the mall looking for the perfect gift or travel to relatives houses, they bring a myriad of electronic devices. Laptops, gaming systems, and the ever present smartphone all attempt to make life easier by connecting to WiFi networks. Legitimate WiFi networks provide a great service allowing consumers to evaluate pricing and the availability of gifts. Attackers are also known to setup their own WiFi networks to trick unsuspecting users into passing their information in clear view of the attacker.
In many cases these fraudulent networks will look similar to legitimate networks with names like “Free Store_Name WiFi”, “Free Airport_Name WiFi”, or “Hotel Guest Wifi”. Data thieves will use these networks to perform what is called a “Man-in-the-Middle” attack. In this scenario the consumer connects to the attacker’s fraudulent network and the attacker connects to the Internet. So, to the consumer, it appears that they are using the Internet as normal. By forcing you through their network, though, the attacker can monitor, collect, and store usernames, passwords, credit card data, and other confidential information.
Usually employees of the store, airport, or hotel will know the legitimate network, but what if you just can’t tell? There are a few things that anyone can do to protect themselves:
Watch out while shopping online now and in the future.
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns