Complex Made Simple

Middle East web users can shop safer using simple measures

The rapid rise of online payments is being matched by a surge in internet fraud in the Middle East, but there are various measures one can take to safeguard online banking and e-commerce, according to security experts.

Middle East ecommerce revenue is expected to rise by more than one third between 2010 and 2015, according to the Middle East Internet & B2C E-Commerce Report 2012, by yStats.com.

However, this increase in online shopping in the region is providing more opportunities for web fraud, with 70% of phishing scams globally now related to online payments, according to Kaspersky Lab.

Anti-virus software reduces risks, but users must surf safer

Traditional anti-virus packages offer tools that majorly reduce the risk of a Trojan infection, with anti-phishing technologies and both web and file anti-virus prevention. However, cybercriminals are becoming increasingly inventive and relentlessly release malware mods to bypass protection.

“The problem is that internet users across the Middle East are eagerly subscribing to online services without paying much attention to the underlying security implications,” says Nicolai Solling, Director of Technology Services at Help AG.

“Cyber criminals are equally eager to cash in on this growing trend. With financial gain being the prime motivation behind such activities, victims of online identity theft stand to suffer substantial monetary losses.”

As the volume and sophistication of malware attacks continues to increase, internet uses in the Middle East need to take proactive measures to protect themselves. Solling offers the following suggestions.

• Consider the endpoint – when making transactions, use a PC that you trust. Unknown machines, in colleges or web cafes, may be compromised, so it’s always safer to do online banking from home. You can also use an un-rooted, non-jailbroken tablet, as malware is relatively unsophisticated on these platforms.

• Passwords are paramount – your first line of defence must be unique. Even a good alphanumeric password can be tainted if used for multiple accounts. The recent LinkedIn security breach led to 6.5 million passwords being stolen, so all users who reused the same password also comprised their other accounts.

• Browse safely – despite the seemingly constant updates, most browsers are vulnerable to cross-site-request forgery. An authenticated banking session can be hijacked by sites open in other windows. Simply close other browser windows when you log into sensitive applications.

• Stay updated – it’s not only your browser and OS that need frequent security updates. It is important to not delay installing the latest patches for Java, Flash, Adode products, etc.

• Boot out bots – instead of always hibernating computers, consider fully shutting down. A full reboot will erase many types of malware.

Social media, email riskiest activities based on trust

The highest risk of web fraud against individual users comes via using email and social media because of the explicit trust you have from a message sent from a ‘known source’, explains Dmitry Bestuzhev, Head of Kaspersky’s Global Research and Analysis Team.

“Cybercriminals really value usernames and passwords for social networks, because it allows them to commit other kinds of crime – these are targeted infections. In some countries, we even see kidnappings based on information gained through web hacks. This is cybercrime feeding into classic crime.”

A recent study showed that web user may now be wise to email scams, but are more exposed to threats via social media.

“Last year we did some research, asking users if they would open any attachment from a known sender,” explains Kaspersky’s Chief Security Expert, Aleks Gostev. “One in 20 said yes, they would open anything. We asked the same question about links via a friend on a social network – 10 people said yes they would click a link.”

“Most users access social networks daily. If you have a Twitter account with 1,000 followers and someone manages to send a malicious link via your account, then those followers are quite likely to click on that link and risk getting infected,” explains Gostev.