E-commerce scams, weak two-factor authentication among latest cyber concerns for Kiwis

October Consumer Cyber Safety Pulse Report – From Norton.
Photo credit: Getty Images

New e-commerce scams, weak two-factor authentication and leaky websites are being highlighted as current dangers to people's privacy and security.

They have been spotlighted by Norton in its latest Consumer Cyber Safety Pulse Report, which also claims the company blocked 1.3 million threats in New Zealand in the month of September.

The three issues being highlighted have been identified by Norton Labs as "sneaky" ways cybercriminals have been attempting to compromise people's security by using the internet in ways they probably trust.

Weak two-factor authentication

Two-factor authentication (2FA) is increasingly used as a more secure way than a single password to log into services online or prove one's identity.

However, Norton said several important companies were recently compromised as their 2FA systems were defeated.

"Cybercriminals have become experts at catching one-time codes used in most 2FA and they know that by undermining the systems that send the codes, their efforts are even more effective," said Jeff Nathan, technical director and researcher at NortonLifeLock.

"Consumers should use FIDO U2F (Fast IDentity Online universal two-factor) tokens everywhere they can, as they aren't susceptible to these phishing attacks." 

E-commerce scams

Scam e-shops can be very sophisticated, with well-designed websites, positive reviews and ties to social media accounts that look legitimate.

A basic rule of thumb that should always be used is: if it's too good to be true, it probably is.

Scam e-shops ripping off Kiwis.
Prices seem too good to be true? Don't trust them. Photo credit: supplied

Websites you've never heard of before that are selling products you are interested in for much cheaper than their usual price point should always get your alarm bells ringing.

Norton also advises:

  • Check the website's safety on a URL or domain lookup tool
  • Check the refund policy and 'about us' sections of the website - these often look more obviously dodgy on scam websites than other sections
  • Beware of a website asking you to use an unusual payment method
  • Don't trust reviews, especially if they're on the website itself; even third-party reviews can be bought by scammers.

Leaky websites

Norton Labs found that 80 percent of websites share search terms with advertisers, either accidentally or deliberately.

Think about what you may have typed into the search field of a medical or pornographic website, or how a search about a family or legal situation could be used against you if a company was able to buy that information.

There are many tools that can be used to give you greater privacy from this happening - like ad-blocking and tracker-blocking software, and using a VPN.

The Norton Consumer Cyber Safety Pulse Report follows the government agency CERT NZ's Cyber Smart Week 2022, which was October 10-16.

CERT NZ's top tips for keeping cyber safe this year include strengthening your passwords, making sure you have 2FA turned on, turning on software auto-updates and boosting your privacy settings on social media platforms.