Cybersecurity is probably the last thing on a person’s mind during the hustle and bustle of the holidays, and understandably so: It’s easy to get carried away amid the stress that this time of year brings, especially when it comes to finding gifts for everyone on your list. Luckily, online shopping has made it easy for many to steer clear of crowded stores and malls, making it convenient to get it all done with a few clicks of a mouse or swipes on a phone screen. But the seemingly innocuous act of inputting your credit or debit card information online could lead to major consequences if you’re not paying attention.
According ACI Worldwide, online fraud attempts rose 22% between Thanksgiving and New Year’s Eve last year, meaning that one out of every 85 transactions was a fraudulent attempt. The statistic likely correlates with the thousands of dollars that Americans pour into holiday shopping each year. Ahead of the season, the National Retail Federation forecasted that consumers would be poised to spend an average of $1,007.24 during October, November and December, a 4.1% increase from the $967.13 projected last year. With spending reaching record highs during these months, it’s no wonder that cyber criminals want in on the action.
LAAPOA wants to encourage its members to shop smart during the season and throughout the year. “Staying vigilant online will help you dodge cyber criminals who are out to steal your identity, money and holiday cheer,” says LAAPOA President Marshall McClain. “I urge all of our members, families and friends to review and utilize these helpful tips to keep their sensitive information safe and secure.”
Use Secure, Legitimate Websites
According to the Better Business Bureau, online purchase scams were ranked number one in the “Top 10 Scams in 2017” list, with more than $13 million lost among consumers who used fake websites. To make sure you don’t become a victim of this scam, first, pay close attention to the website in your browser’s address bar. So-called “typo squatters” register typo-ridden domains that closely resemble legitimate websites (think LAAAPOA.com instead of LAAPOA.com, for example), and these fake sites may ask for personal information or infect your computer with malware. Second, whenever you reach a site’s checkout page, make sure that your browser shows a lock symbol and web address beginning with “https,” which means that it’s secure (an easy way to remember this is: “s” stands for secure).
Use Different Passphrases for Each Account
While slightly inconvenient, having multiple passphrases (longer versions of passwords that contain a mix of capital and lowercase letters, symbols and numbers) for each of your online accounts will keep hackers from gaining access to personal and financial information. According to USA Today, hackers have been known to keep searchable lists of all the account IDs, emails and passwords they’ve stolen, and they often share or sell those lists to other hackers. Once a hacker gains access to one account, they apply those same passwords to accounts that people have across the web, such as bank accounts and stores, then mine information. Having multiple, sophisticated passwords will deter hackers from stealing your information and keep you from being added to their hacked lists. If you want even more protection, activating two-step verification — which requires your password and a code that’s sent to your cellphone — on your accounts will add another layer of security. Need help keeping track of usernames and passwords? There’s an app for that. There are numerous free and paid password management tools, such as Keeper Security and Dashlane.
Don’t Fall for Phishing Emails
Phishing emails are unsolicited emails that look legitimate but are actually well-crafted, fraudulent messages requesting sensitive information. While most email services are quick to filter out these messages on your behalf, some might fall through the cracks because they closely resemble emails that you get from banks, stores or charities, with grammatically correct text, sender information, logos and formatting. To avoid this scam, a key red flag to watch for is if the sender asks for details such as usernames, passwords, date of birth or Social Security numbers. That tells you the message is a fake, because a legitimate business or financial institution will never ask for this information via email (or phone, for that matter). These emails also include links that, when clicked on, could expose your computer to malware, such as viruses, Trojan horses and worms. A common phishing scam during the holiday season is fake package delivery notices that include such malicious links.
Don’t Use Unsecured Wi-Fi Networks
While it may be tempting to save time and shop online while at a café or airport with free Wi-Fi, it’s best not to. Much like typo squatters, there are hackers who create rogue Wi-Fi networks near businesses that offer free Wi-Fi. These rogue networks seem secure and even have names similar to the ones that they’re trying to copy, making them hard to discern at first. An unsuspecting consumer might choose the wrong network out of confusion and unknowingly expose their information to hackers, who can intercept account login or credit card information on such networks. Also, even when you do choose the correct network, it doesn’t necessarily mean that it’s secure. Bottom line? It’s best to leave online shopping at home.
Don’t Save Your Credit Card Information
With reports of numerous security breaches each year on “secured” websites belonging to big-box retailers, it’s unwise and unsafe to safe your information on file, no matter how much it expedites the shopping process. Instead, input your number each time you shop and, if possible, choose credit over debit. Credit cards offer a layer of protection thanks to the Fair Credit Billing Act, which limits the liability for unauthorized use of credit cards to $50. But it’s not a completely fail-safe method. Cyber criminals have been known to use credit cards for small purchases under $50 to not raise suspicion. It’s recommended that you closely monitor your credit card statements to make sure that all purchases are authorized.
LAAPOA wishes you a safe and happy holiday season!