10 tips to keep you safe from online scammers this holiday shopping season

Threat Intel
Nov 30, 2016

Welcome to Threat Intel’s #WednesdayWisdom column, a weekly read to help improve your cybersecurity knowledge and keep you informed on important developments.

With December dawning tomorrow, the holiday season is well and truly upon us.

The Thanksgiving holiday weekend, incorporating Black Friday and Cyber Monday, will have seen some serious cash splashed on presents for the holiday season.

The National Retail Federation in the US predicted that 154 million consumers would shop over the holiday weekend, with 44 percent of them planning to do this shopping online.


This is good news for online retailers, but also good news for fraudsters who may be looking to take advantage of holiday shoppers online.

What can you do to make sure your dream holiday buy doesn’t turn into a nightmare?

1. Do not use insecure Wi-Fi connections: More and more people are using their mobile devices to shop online. However, you should never enter sensitive information — such as bank or credit card details — if you’re using public Wi-Fi. Make sure you are connected via a secure Wi-Fi connection before making any purchases.

2. Only shop on secure and reputable sites: Make sure the site you are purchasing from is secure and has a valid encryption certificate. Check the website address to ensure it includes ‘https’ and has the green padlock symbol beside it to indicate that it’s using a secure connection. Sticking to reputable retailers for your online shopping will, in most cases, ensure that your transactions are handled securely.

The green lock and ‘https’ can be seen in Amazon.co.uk’s address

3. Beware of fake apps: Fake apps that impersonate the apps of legitimate retailers are an issue that frequently comes up at this time of year. A good rule of thumb (in general) is to not jailbreak your device and only ever download apps from the App Store or Google Play. However, even doing that cannot guarantee the app is legitimate, as fake apps can slip through the cracks. There were reports just last month of fake apps appearing in Apple’s App Store, which is known for scrutinizing apps more closely than Google Play. Check the name of the developer behind the app and only download apps that are well-established and reviewed, and come from legitimate sources. Be wary of apps that have suddenly appeared in the run-up to holiday season.

4. Watch out for ‘confirmation’ or ‘package tracking’ emails: A scam in recent weeks saw malware being distributed through spam emails claiming to be from Amazon. The email came with an attachment that, if opened, would download malware onto the victim’s computer. Always be wary of downloading attachments or clicking links in unsolicited emails. If you receive an unexpected email, study it carefully for any signs it may be fake — such as a lack of personal details about you, spelling mistakes, or poor English. Don’t reply to these emails and if you want to check what is happening, contact the sender by typing the address of the legitimate website into your address bar and finding the contact details that way.

5. Sign up for alerts from your bank: Many banks will text or email you if there are ‘suspicious’ transactions on your account, or transactions over a certain amount. Opt into these alerts so you can keep an eye on how your credit and debit cards are being used and put a stop to any fraudulent activity straight away.

Sign up for alerts from your bank so you will know straight away if there has been fraudulent activity on your account

6. Don’t give out personal information: Obviously, if you’re buying goods online, you need to give out information such as your name, address and payment details. However, if a website starts looking for personal details such as your Social Security Number or mother’s maiden name then your suspicions should be raised. If a website won’t let you make a purchase unless you provide that type of information then you should probably get out of there.

7. Do not re-use passwords: We have previously published a piece on the myriad reasons why you should create strong passwords. All those reasons apply when setting up accounts on shopping websites, too.

8. Use two-factor authentication (2FA) when available: 2FA means that an attacker can’t just use a stolen password to break into your account; they’d need access to another device or email address belonging to you to get another login code. You should apply this feature to most of the websites you use, such as Gmail and Instagram, which offer 2FA, but it is particularly important when you are using a website in which you are entering banking or credit card details.

Use 2FA when you can when making purchases online

9. Install updates: Before doing any online shopping, make sure you have the most up-to-date version of your desktop or mobile operating system, and browser, installed, as this will ensure your device is protected with the latest security patches.

10. Make sure your computer has robust protections in place: Ensure your device has a good antivirus program installed that will catch any nasties you might encounter in your shopping expedition across the internet.

Happy spending!

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.


Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.