I love this time of year; the air gets crisp, the leaves start to turn, and I get to wear sweaters all the time. However, the thought of leaving the house to battle the crowds elicits panic level 12. Perhaps that's why online shopping is gaining even more popularity. An estimated 165.8 million people shopped between Thanksgiving Day and Cyber Monday in 2018!
Why not shop online? We can sit in our PJs, sipping hot chocolate, and buy those gifts while binging Love Actually. Unfortunately, it's also the perfect time for cyber criminals to be active as well, creating fake shopping websites and using other tactics to scam people.
Here are a few tips for safer shopping this holiday season.
Think twice before clicking on links or attachments
Some emails may seem like confirmations for erroneous purchases and include a link for you to dispute or cancel the transaction. Others may warn you about a failed delivery attempt. By clicking on these links you might be installing a virus.
Shop at well-known companies. Research ones you're not familiar with
Cyber criminals create fake online stores that mimic the look of real sites. When possible, purchase from the online stores you already know, trust, and have done business with. And look out for prices that are significantly better than those you see at the established online stores. If the deal sounds too good to be true, it may be fake!
Sign up for text alerts from your credit card company and bank
Check your credit card and bank statements regularly. If you find any suspicious activity, call your credit card company immediately and report it.
Limit activity on public wireless networks when shopping on the go
Treat all Wi-Fi hotspots and public computers as compromised, even if they appear to be safe. Limit using them, especially logging in to key accounts, like email and banking. And set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure or fraudulent hot spot.
Turn on two-step authentication on key accounts like banking and email
Scammers often use malware, phony websites, and other methods to crack a password. Two-factor authentication uses your password and security token or one-time code sent to your mobile device. This method combines something you have (a token or code) with something you know (a password). Two-factor authentication is more effective in securing account access than a password alone, making it more difficult for criminals to access your accounts.
When shopping, make sure the site is secure by checking the URLs has an https:// at the beginning
When you go to a site that uses HTTPS (connection security), the website's server uses a certificate to prove the website's identity to browsers. Think: S is for Santa and Safer Shopping.
Use different passwords for different websites
Having separate passwords for every account helps to thwart cybercriminals. Recycling the same password across accounts means that if it's stolen - even once - everything from your personal email to your bank account could be hijacked.
Use a credit card instead of a debit card for extra protection from fraud
Avoid using debit cards whenever possible. Debit cards take money directly from your bank account; if fraud has been committed, you’ll have a much harder time getting your money back.
Additional Resources:
- US News, 9 Holiday Scam to Watch Out for this Season: https://money.usnews.com/money/personal-finance/spending/articles/9-holiday-shopping-scams-to-watch-out-for-this-season
- SANS November 2019, OUCH Newsletter, Shopping Online Securely: https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
- MS-ISAC Newsletter, November 2019, 8 Shopping Tips for the Holiday Season: https://www.cisecurity.org/newsletter/8-shopping-tips-for-the-holiday-season/