Newton's third law is: For every action, there is an equal and opposite reaction. This might help explain why cybercriminals are so active during the holiday season. It's their opposite reaction to everyone who is in the joyful, giving spirit.
As you may have guessed by now, we have another cyberattack to warn you about. This one involves online shopping, just in time for Christmas.
It was only last week that we told you about another data breach at Yahoo. In this breach, there were around 1 billion Yahoo customer accounts exposed.
Now, we've learned that some Groupon users have had hundreds of dollars stolen from their bank accounts.
Fraudulent Groupon purchases
What's happening is, some Groupon customers are receiving confirmation emails for purchases that they never made. Some of these purchases have been for items costing up to $1,000, including iPhones and iPads.
Groupon has confirmed that some of its customers' accounts have been compromised. However, the company claims that its site has not been hacked. What they are saying is that hackers are using stolen credentials from attacks on other sites and services.
A Groupon spokesperson told the "Daily Mail," "What we are seeing is a very small number of customers who have had their account taken over by fraudsters. Fraudsters have a number of ways in which they can obtain your login details to a website including phishing-emails, trojan attacks, spyware and malware."
This scenario is quite possible. Once a criminal has someone's login credentials, they can get into their account and make fraudulent purchases.
If you have a Groupon account, you should check it immediately to see if there have been any purchases made by someone other than you. You should also take a look at your bank accounts to check for any suspicious activity. If you see anything odd, report it ASAP!
If you see fraudulent activity on your Groupon account, contact its customer support and report it. The company's policy with fraud involves an investigation and once it determines a purchase was fraud, you get a full refund.
Whenever there are reports of a massive data breach or cybercrime, there are some safety procedures that you should follow.
Implement these safety steps:
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Check HaveIBeenPwned - this site will tell you if your information has been stolen in a previous breach.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on highly reported cybercrimes. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check email security settings - Make sure the email account associated with the hacked site has updated security settings.
- Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.