In the recent breach of the British Airways website, 380,000 transactions were reportedly intercepted and financial data stolen via a “skimming” script from the online payment forms embedded in the website.
Here is a video talking about the security breach – with Professor Bill Buchanan from Edinburgh Napier University
The incident was investigated by RiskIQ, who have summarised that the code was injected into the website by an attacker intercepting third-party code.
This is not uncommon with such large sites. Increasingly, large companies are embedding code from outside sources or third parties. These could be pieces of code used to authorise payments, but via a method called a “supply-chain attack”, malicious code can be inserted in its place.
Due to this, RiskIQ warn that more similar attacks are likely.
“Andrew Dwyer, a cyber-security researcher at the University of Oxford added that the attackers appeared to have gone to “extraordinary lengths” to tailor their code to the BA site.” – BBC News
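For site owners, the third-party code risk described above starts with knowing which outside scripts run on a payment page. The following is an added example, not code from RiskIQ or British Airways: it inventories the scripts on a checkout page and flags third-party ones loaded without a Subresource Integrity `integrity` attribute (a check the article itself does not discuss). The page URL, hosts and HTML are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample checkout page; hosts and paths are made up for this example.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/v3/pay.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//analytics.example/tag.js"></script>
</head><body>
<form action="/pay"><input name="card-number" autocomplete="cc-number">
<input name="cvv" autocomplete="cc-csc"></form>
<script>console.log("inline");</script>
</body></html>
"""


class ScriptInventory(HTMLParser):
    """Collects every <script src=...> and notes payment-card input fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.scripts = []
        self.has_card_fields = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # autocomplete="cc-*" marks card number, expiry and security-code inputs.
        if tag == "input" and (a.get("autocomplete") or "").startswith("cc-"):
            self.has_card_fields = True
        if tag == "script" and a.get("src"):
            url = urljoin(self.page_url, a["src"])  # resolves "/x" and "//host/x"
            third_party = urlparse(url).hostname != self.page_host
            self.scripts.append({"url": url, "third_party": third_party,
                                 "has_integrity": bool(a.get("integrity"))})


def audit(html, page_url):
    """Return the script inventory plus third-party scripts with no integrity pin."""
    inv = ScriptInventory(page_url)
    inv.feed(html)
    flagged = [s["url"] for s in inv.scripts
               if s["third_party"] and not s["has_integrity"]]
    return {"card_fields": inv.has_card_fields, "scripts": inv.scripts,
            "unpinned_third_party": flagged}


if __name__ == "__main__":
    print(audit(SAMPLE_HTML, SAMPLE_PAGE_URL))
```

An integrity pin only catches changes to a file fetched from another host; a script served from the site's own host still needs change monitoring on the server side.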
Tips to avoid being targeted online:
– When entering card details into a web page ensure that the site is secure. You can do this by simply looking at the top of the page for a padlock. Both Edge and Chrome emphasise the security of payment pages to help users.
In the examples above you can see our site certificate and padlock – we do not take payments via our website. There is one further thing you should check when making an online payment: the padlock should be green. This demonstrates that the provider has an extended validation certificate. These are much harder to obtain and add credibility to the company and security to your transaction.
In this example you can see PayPal’s green padlock.
– Use a payment service like PayPal – PayPal offers the ability to get a debit card that you can use for online transactions. Remember to double-check the payment information to make sure that you are paying the correct amount.
– If you are going to speak to someone by phone and give them your card details and CVV number, make sure you trust the people on the other end of the line. It is best if there is a bona fide relationship with them.
1. Use an up-to-date anti-virus system and run periodic scans with a trusted anti-malware product
2. Check it is “https” in the address bar
3. Check the padlock is green if you are going to share your card details
4. Use strong passwords
5. Watch out for fake Ads and Coupons
For more tips and hints on #TechnologyWithoutTears speak to our trusted team members on 01522 797520
Kamila & Michael