Click Frenzy Mayhem and Cybersecurity

It is that time of year again when we see online shopping go bananas as ClickFrenzy Mayhem goes live in less than 24 hours.

In an interview with News.com.au ClickFrenzy co-owner Grant Arnott gave shoppers tips on how to grab a bargain. One of those tips concerns me a little and another worries me a lot.

Take a look at the screengrab and see if you can work out where my security freak senses are tingling.

“Turn off adblockers” – OK. A bit of a worry but we can always turn it back on once done. You have to hope that the ads served up on the site are free of nasty code that will cause problems. It is rare but can happen. This is not the bit that puts me on edge.

“Only Mastercard and Visa will be accepted. We recommend putting your preferred settings for payments in your browser’s autofill to speed up the process.”

Can you see it?

I will spell it out..
“We recommend putting your preferred settings for payments in your browser’s autofill to speed up the process.”

Using browser autofill to store critical information (like credit cards) is asking for trouble especially with the places we go on the internet with our web browsers. That information is stored in your web browser and it takes very little to trick a browser into handing over credit card information by crafting a web page that has fields off screen that ask for credit card information. This has been proven to be easy to do as reported in this ZDNet article.

So what do I recommend?

If you really MUST make the most of the sale and you desperately need to have a quick way to fill in credit card details then I suggest installing a browser that you will only use for this event and then delete that browser immediately after you install it.

Windows users looking for an easy way to install additional web browsers can go to one of my favorite sites Ninite.com, select the browser alternative you don’t already have then uninstall it as soon as you are done.

Apple users can go for browser alternatives like Firefox, Opera and like Windows users remove the browser as soon as you are done to prevent malicious websites from stealing your credit card information.

As good as the Click Frenzy Mayhem event may be, this approach to cybersecurity is a disaster waiting to happen. Cybercriminals are seeing this and are primed to pounce on users that have followed this advice.

If you are reading this after saving your credit card details in your browser, do the right thing and delete your browser AFTER installing an alternative or to be sure you can have your credit card reissued.

I rely on the community around me to give me a heads up on possible stories. A big thankyou to Angela who tipped me off on this one. You know who you are and you rock!

Leave a Reply

Your email address will not be published. Required fields are marked *