GUEST BLOG: Watch Out for Cyber Threats while Shopping during the Holidays (THINK WIFI)!

02 December 2016 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation.

As we welcome the winter holidays, purchasing gifts online is expected to increase this year by 7 to 10 percent according to the National Retail Federation. This is a boon to the online retail community.  It can also be a boon to data thieves.

As consumers wander the mall looking for the perfect gift or travel to relatives houses, they bring a myriad of electronic devices. Laptops, gaming systems, and the ever present smartphone all attempt to make life easier by connecting to WiFi networks.  Legitimate WiFi networks provide a great service allowing consumers to evaluate pricing and the availability of gifts.  Attackers are also known to setup their own WiFi networks to trick unsuspecting users into passing their information in clear view of the attacker.

In many cases these fraudulent networks will look similar to legitimate networks with names like “Free Store_Name WiFi”, “Free Airport_Name WiFi”, or “Hotel Guest Wifi”.  Data thieves will use these networks to perform what is called a “Man-in-the-Middle” attack.  In this scenario the consumer connects to the attacker’s fraudulent network and the attacker connects to the Internet.  So, to the consumer, it appears that they are using the Internet as normal.  By forcing you through their network, though, the attacker can monitor, collect, and store usernames, passwords, credit card data, and other confidential information.

Usually employees of the store, airport, or hotel will know the legitimate network, but what if you just can’t tell? There are a few things that anyone can do to protect themselves:

  1. Verify connections to websites are secure and use SSL for online shopping. The easiest way to check is to look in the website’s address for “https://”. Sites using https:// are protecting their customer’s information by encrypting the consumer’s information as it passes across the Internet.
  2. Make sure you are actively checking credit card statements. Don’t wait until the end of the month if you have online access to your transaction history.
  3. NEVER use the public use computers in hotels for anything confidential. These systems have been targeted by identity thieves in the past, since they are easy to compromise and attract many different individuals. Even using SSL connections mentioned in point 1 is pointless on these systems because attackers can capture the information directly from the attached keyboard.
  4. Use a Virtual Private Network (VPN) connection if possible.

Watch out while shopping online now and in the future.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.


Related Services