Advent candles on our wreaths are slowly but surely starting to light up - Christmas is coming! The following month is often used to prepare for the Christmas holidays, but it also gives space to slow down after the past year and find peace. The Cybersecurity Team of Masaryk University has prepared an Advent wreath for you for this season. Every week, it will shed some light on one topic that may be useful for you in the pre-Christmas period. We will look at what traps cyber attackers can prepare for us during this time - you guessed it right, they're not sleeping. Instead of resting, they uncover places and situations in which we are especially vulnerable when buying gifts and decorating trees. However, it will not only be about pre-Christmas cyber threats. We will also get to other topics. For example, how cookies (not Christmas ones) can interfere with your privacy. If you think it doesn't make sense, follow us, and we'll shed some light on it. :-)
Do you buy gifts online well in advance, or leave it to the last minute? For most people, online shopping is much more convenient than endlessly browsing the malls. E-shops often offer products at much better prices, so why not take advantage of it?
But especially during Christmas, online shopping can be risky for heedless customers. The Internet is full of fraudulent e-shops. Spam and phishing messages arrive in the e-mail inbox with fake discounts, favorable loans for gifts, or requests for payment of postage for a package waiting at the post office. The attackers aim to lure as much personal and sensitive information from people as possible. This also includes login credentials for various accounts (for example, online banking).
But what should we look out for in the flood of Christmas attractions? Fortunately for us, fraudulent e-shops often show similar features:
Significantly lower prices than competitors - too good to be true
Very attractive prices of branded products and discounts are typical for fraudulent websites. Merchants offer these items at a discount of up to 80%. In such cases, these are probably not real pieces, or the seller doesn’t have these products available at all. Here it is advisable to look for the price range in which the product is on the websites of well-known sellers.
Perhaps at first glance, the URL address looks like the address of a legitimate website. But if we pay a little more attention to this detail, we can notice an almost imperceptible confusion of two letters, the absence of a letter, the different placement of a dot, etc. Attackers rely on our carelessness, inattention, and the possibility of a typo when entering the address manually. A simple check of the URL address will help you avoid fraud and hassles connected with a possible refund.
Grammatical errors in the text
Because the attackers are often from abroad, they rely on machine translation of entire continuous texts. But it is not perfect, which is why after reading it, the sentences may seem incomprehensible with many grammatical errors. In the case of the Czech language, the clues are typical Czech letters with diacritical marks, the use of i/y, or inappropriate punctuation.
Missing terms and conditions and contact details
Merchants intend to provide customers with the most user-friendly experience possible if a problem occurs during an order. Missing information or, conversely, very complicated and incomprehensible conditions are a big red flag suggesting this is not a fair trade.
One of the indicators of a reliable e-shop is positive customer reviews or ratings on comparison websites. If the visited store has no reviews, it may not have sent any shipment yet or does not want to publish negative reviews. Also, remember that the seller can write excellent reviews themselves.
If you hesitate to order from a domestic e-shop because you are unsure whether it is a fraud, you can verify the seller on the website of the Czech Trade Inspection. Just scroll down and put the name in the search box under “Hledat:”, which is Czech for "Search:". You can also check the website's security in the Google Transparency Report.
And what to do if you have already purchased something on a questionable website? Do not hesitate to report the incident to the Police of the Czech Republic. We also recommend you contact your bank with a request for a transaction complaint.
Just as Santa or Jesus can see if children misbehave during the year and know which gifts they have their eye on, website operators know what we are looking at and which Christmas gifts caught our attention on their website. One of the ways they get this information is through cookies, which we all know very well as annoying texts that pop up in the window when you first visit a website. But what exactly are they, and what are they used for?
Cookies are short text files sent by visited websites to the browser. The browser stores them on the user's device, and thus cookies uniquely identify your browser or device. These files can also be stored by other pages whose element (image, map, etc.) is on the displayed page. When you revisit the website, they are sent back to the server to make your next visit more pleasant. The consequence is, for example, that the site remembers the settings you chose yourself last time. There are several types of cookie files. For instance, they are divided according to their duration into session cookies, which are deleted when the window is closed, and persistent cookies, which remain in the browser for a certain period.
The main groups are technical and profile cookies. Technical ones are necessary for the website's proper operation, and their storage does not require our consent. Examples of technical cookies are functional cookies that monitor set preferences (language, font, etc.) and analytical files recording summary data such as the number of users and their interaction with the website. Based on those, better functional elements are created. Profile files display and send personalized advertisements based on the created user profile. But they are also used to ignore ads, limit the number of impressions of a single ad, and measure effectiveness. However, this type of cookie can interfere with the user's privacy in a certain way. Therefore, according to European legislation, the operator must inform the user about their use and ask for their consent.
What one person sees as an advantage they can no longer imagine surfing without, another sees as an unpleasant invasion of privacy. Thanks to cookies, we are shown more relevant search results, recommendations, personalized content (e.g., YouTube), and advertising corresponding to our interests. However, this data is linked to a specific user. Therefore, together with other data, it creates a digital trail, which results in a loss of anonymity.
The good news is that you can usually enable or disable cookies, delete existing saved files, or change preferences for individual websites in the browser settings. So it's up to us whether we make a path out of crumbs for Santa or rather play "hide and seek".
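The cookie types described above (deleted when the window closes or persistent, set by the visited site or by another site whose element is on the page) can be read straight from the `Set-Cookie` headers a browser receives. The following is an added example, not part of the original article; the hosts `shop.example` and `ads.tracker.example` and the header values are constructed, and the "last two labels" comparison of sites is a simplification.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (URL that answered, its Set-Cookie header value),
# as a browser would see them while loading the hypothetical PAGE.
PAGE = "https://shop.example/"
RESPONSES = [
    ("https://shop.example/", "lang=cs; Path=/"),
    ("https://shop.example/", "cart=a1b2; Max-Age=2592000; Path=/; Secure"),
    ("https://ads.tracker.example/pixel.gif",
     "uid=77f3; Expires=Wed, 01 Dec 2032 10:00:00 GMT; SameSite=None; Secure"),
]


def site(url: str) -> str:
    """Last two host labels. Simplification: suffixes such as co.uk
    need the Public Suffix List."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def classify(page: str, responses: list) -> list:
    """Return (cookie name, lifetime, party) for every cookie set."""
    result = []
    for url, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # No Max-Age and no Expires: the cookie lasts for the session only.
            has_lifetime = morsel["max-age"] or morsel["expires"]
            lifetime = "persistent" if has_lifetime else "session"
            # Set by a different site than the page in the address bar:
            # this is how an embedded image or map stores its own cookie.
            party = "first-party" if site(url) == site(page) else "third-party"
            result.append((name, lifetime, party))
    return result


if __name__ == "__main__":
    for row in classify(PAGE, RESPONSES):
        print(*row)
```
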
Are you in a rush before Christmas? This is exactly the time when you should stay alert, because all of us can become the target of one of the emerging scams during this Christmas period. There are many of those who take advantage of our busyness and distraction. In short, during this time, it's easier to make a mistake, one that can ruin the entire holiday.
Be wary of fake messages
It is a good idea to think a little more carefully about every message during this period. For example, we may receive a notification about an unclaimed shipment or a warning that it is necessary to pay the shipping fee immediately. A message formulated in this way may seem credible at first glance, but in reality, it is a fake message that usually aims to lure money from us.
Scams from bazaars
Fraudsters pretend to be interested in our goods, which they want to buy immediately. Everything looks great. Maybe too great. The only problem is that the interested buyer is from far away. They will ask us to send the package through a courier that looks like an established shipping company. The fraud itself is that the page is fake, and the fraudster can very quickly lure various personal and sensitive information from us.
They will send us a link, which usually contains an abbreviation of a known shipping company, but it is not its actual address. For example, in the detected frauds, the fraudsters sent an address in the form of pd-cz.order.5231.biz, but the correct address of DPD is www.dpd.com/cz.
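The comparison above between the fraudulent and the genuine DPD address can be automated: reduce the link to its host, compare the registered domain with a list of genuine ones, and flag hosts that only resemble them. This is an added example, not part of the original article; the allow-list, the distance thresholds and the function names are assumptions, and with short brand names such as "dpd" the near-miss test can produce false positives.

```python
from urllib.parse import urlsplit

# Assumption: a hand-kept allow-list of genuine carrier domains.
# "dpd.com" is taken from the article; extend the set as needed.
TRUSTED = {"dpd.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of the host. Simplification: multi-part suffixes
    such as co.uk need the Public Suffix List instead."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_link(url: str) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    # Links in SMS and chat often come without a scheme; add "//" so the
    # first component is parsed as the host rather than as a path.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # The brand, or a one-character near miss, used as a label anywhere
        # in the host (missing letter, moved dot, brand as a subdomain).
        labels = [part for part in host.replace("-", ".").split(".") if part]
        if any(edit_distance(label, brand) <= 1 for label in labels):
            return f"lookalike of {good}"
        # The whole registered domain is a near miss of the genuine one.
        if edit_distance(domain, good) <= 2:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("www.dpd.com/cz", "pd-cz.order.5231.biz", "https://example.org/"):
        print(link, "->", check_link(link))
```
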
After clicking on the fraudulent link, we are shown the sale summary. Everything looks correct. The fraudster's goal is to obtain information about our payment card or direct access to internet banking. Therefore, everything on the page leads to that goal. We can find there an offer of payment methods that is indistinguishable from those on trusted e-shops, as well as a smartly programmed chatbot from supposed customer support, which fraudsters refer to in the case of our objections to the payment method.
Statistics show that 2 to 5 % of Czechs plan to take a loan for Christmas presents this year. Fraudsters use this situation to their benefit. They provide favorable loans wrapped in cute paper with Christmas motifs and a ribbon with a big bow. They promise that the loan will, of course, be processed comfortably and almost immediately. And next to the button for its request, the time until Christmas Day symbolically decreases second after second.
Only in small text at the bottom of the page can we find that the maximum APR is approximately 13713,7 %. Not to mention the fees hidden in the contract, which many of us do not read carefully. The amount that a person repays can then be much higher than the loaned sum. It may therefore happen that we would still be repaying such a loan next Christmas. That's why it is a good idea to consider whether you would rather enjoy a relaxing holiday without debt and with symbolic gifts than a holiday with debt that exceeds the value of the purchased gifts.
Just a moment of inattention, and we may lose a lot. It is, therefore, essential to be particularly careful in this pre-Christmas period. It pays off to check more carefully the offers, links, and the meaningfulness of the requests made to us through e-mails and SMS messages.
We have been protecting the cyber environment of Masaryk University for 13 years. Every year we encounter a lot of events that are interesting but also alarming. We always learn something while solving them. This year we also want to share some of this information with you.
War and good intentions
The conflict between Russia and Ukraine has inevitably also taken place in cyberspace from the beginning. Its start was associated with strong emotions and a desire to influence the situation somehow. Through our detection tools, we have identified that many users have taken the path of community DDoS attacks against targets in the Russian Federation. Simply put, it is an attack that aims to limit the availability of selected services or systems by overwhelming them with a high number of requests. However, this activism was not without risk, as some hack sites infected users' devices with malicious code.
Shipment for MUNI
We say it often: "Any of us can become the target of an attack." Our words are also confirmed by the campaign, which was targeted directly at Masaryk University. The attacker pretended to be its employee and tried to spread malicious code using fraudulent messages with an attachment. We usually encounter malware that the attacker sends randomly and hopes that someone will "catch". This time, however, during its creation, he focused directly on mapping the environment of our university. He also used publicly available information to establish the authenticity of the e-mail (address, contacts, context, and published data of employees).
How much will you get paid?
The salary calendar for 2023 is already available. Part of the users of Masaryk University could read exactly this sentence. The attacker first obtained an e-mail account at a college in New Orleans and then started sending fraudulent messages to MUNI. The message also included a link that was supposed to direct the recipient to a fake page authentically imitating the login form for IS MU. The whole campaign was extensive – it took place in 6 waves. The attacker used the obtained login details to spread his message further. Within Masaryk University, he managed to abuse about ten accounts, thanks to which his following messages could appear credible. It is also interesting that this was a partially recycled attack. There was a similar attempt by the attacker two years ago.
The year 2022 in numbers
However, much more has happened – check the specific numbers.
Total count of incidents in 2022
Automatic detection of attacks/scans
What is the takeaway from this article?
Cyber attacks are real and can affect all of us. Let's be cautious, educate ourselves, and if necessary, don't hesitate to contact CSIRT-MU – The Cybersecurity Team of Masaryk University.