Cybercriminals are always on the lookout for unique opportunities to scam people and steal their information. During the COVID-19 pandemic, cybercriminals discovered countless ways to target people: posing as government officials and demanding personal data, promising miracle cures and early access to vaccines, and setting up fraudulent charitable organizations. Matt Lindley, COO and CISO of NINJIO, stresses the need to be cautious and shares cybersecurity tips for safe holiday shopping.
Now that applications for student loan forgiveness are open in the United States, the government is already warningOpens a new window of relief-related scams. The holiday season presents yet another opportunity for enterprising cybercriminals, who can exploit an influx of digital activity and transactions to hijack credit card numbers, login credentials, and other types of sensitive information.Â
Holiday shopping presents a target-rich environment for cybercrime. As sales volume increases and consumers search for discounts and promotions, cyber criminals can easily convince victims to click on phishing emails, provide account information, and send money to the wrong places. Cybercriminals often deceive victims by generating a sense of urgency. This tactic works particularly well when consumers are trying to get all their holiday shopping done within a certain timeframe.
As cyber criminals prepare to launch attacks this holiday season, so should consumers. Here are the top five ways you can stay safe as you shop online.
1. Beware Of Phishing
According to the FBI, there are more victimsOpens a new window of phishing each year than any other type of cyberattack. During the holiday shopping rush, there will be an explosion of phishing emails and other fraudulent communications.
There are many ways to spot a phishing email: links that differ from the domain, unnecessary attachments, and urgent demands for sensitive information, to name a few. You should also be on the lookout for misspelled words, sentences or phrases that don’t make sense, and messages from unfamiliar organizations. Some phishing attacks are far more sophisticated and believable than others, so your safest bet is to navigate to retailers’ legitimate websites â€“ just don’t do so via a link in an email or text.Â
2. Make Credential Security a Top Priority
In a Google and Harris Poll surveyOpens a new window , almost two-thirds of respondents admitted that they reuse passwords for multiple accounts, while 13 percent say they use the same password for all accounts. Less than a quarter use a password manager. Just as the use of stolen credentials is the top tactic in breaches of companies, credential theft is a major problem for individual consumers (especially when those credentials are widely reused).Â
While password managers are valuable tools for preventing credential theft, some forms of credential storage should be used with caution. For example, when you store passwords in your browser, they can be put at risk if the master account is breached. This is why you should always change your passwords upon receiving a login notification that you didn’t initiate. And never accept an authentication request that wasn’t generated by your own login attempt.Â
3. Be Especially Careful if You’re Shopping While Traveling
The risks of shopping online are even more pressing for travelers, as they often browse retailers’ websites and input credit card information from airports, coffee shops, and other public places. This is why consumers must be especially careful as they travel to see friends and family for the holidays.Â
Consumers should never provide sensitive information (even to legitimate websites) if they use unsecured public WiFi, as hackers can easily intercept that information. This is why you should always use a VPN on public WiFi. It’s important to remember physical device security, too â€“ traveling shoppers are liable to leave their devices unlocked on a plane or in a hotel lobby.Â
4. Don’t Visit Suspicious Third-party Websites
The safest way to shop online is to go directly to a trusted retailer’s website. Over the next few months, there will be a barrage of banner ads and other messages tempting consumers with low prices, but clicking on them is a mistake. While major retailers certainly don’t have a perfect record of cybersecurity, they’re generally much safer than small digital sales operations â€“ some of which don’t even have basic encryption on their websites (always look for â€œhttpsâ€ in the address bar). There’s also a possibility that some shopping links will take you to dummy websites where cybercriminals will be able to snatch your personal data directly.Â
5. Remain Vigilant All Year
Even careful shoppers sometimes make mistakes: maybe you clicked on a malicious link but closed it immediately, or used public WiFi for just a few minutes before your flight departed. Minor missteps like these can give hackers the only footholds they need. In many cases, it could be a long time before you realize that one of your accounts was breached â€“ your information might show up in a major data leak, or you may receive a fraudulent login request months later.Â
Cybersecurity should be a long-term priority â€“ while cybercriminals will be especially active over the holidays, their attacks are only becoming costlier and more relentless. Consumers shouldn’t just be focused on staying safe over the next month â€“ they should use the occasion to develop healthier cybersecurity habits for years to come.Â
The typical American household has 22 connected devicesOpens a new window , while people spend almost 40 hoursOpens a new window per week online with their smartphones, tablets, and computers. It’s no surprise that cybercriminals are taking advantage of this surging digital activity, which should matter to you 365 days a year.Â
Image Source: Shutterstock