It’s that time of the year again: Holiday shopping. The clanging of the Salvation Army Santas’ bells you hear is also the alarm for cyber crooks and scammers to jump into high gear. It’s feeding time for them and they are all set and ready to take advantage of millions of online transactions.
Taking the appropriate steps to protect yourself, your money, and your credit standing before you venture online may save you a lot of heartache during the buying frenzy that generally starts after Thanksgiving. An ounce of Cybersecurity prevention is definitely worth a pound of cure. It can also save you from a financial or privacy nightmare.
You may not have IT support at your ready disposal since this issue is consumer based, so here are some critical safety tips to protect your online holiday shopping:
Check for Device Updates Before You Shop
Devices that rely on old software are easy pickings for crooks, whether they are computers, tablets, or smart phones. Yes, it’s tedious waiting through a 10-minute iPhone update, but it’s well worth it if it’s going to keep you more secure. If you use a company-owned device, check with your IT support. If it’s not up to date, they can update it for you.
Hackers are always looking for vulnerabilities found in a device’s operating system (OS). Updates reduce your risk by installing patches for known vulnerabilities. Install all available updates before you use a device for online holiday shopping.
Do NOT Click Email Links to Go to Websites
This is good advice all year. Typing ‘amazon.com’ into your browser rather than clicking a link in an email is a small annoyance, but email links are a standard phishing trap. Crooks ‘spoof’ or copy well-known advertisers, so the email that makes you think, “Wow – what a great price!” deserves a little more scrutiny. These phishing attacks are already at an all-time high – even more so every holiday season. If you click on an email link to a malicious site, it can start a download of malware or lock up your system and your data with ransomware.
Use a Wallet App Whenever Possible
It’s always a risk to hand your debit or credit card over to a website – especially if you haven’t shopped there before.
Whenever possible, use a wallet app or PayPal account. This way you don’t need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.). This eliminates the retailer as a potential weak spot.
Remove Saved Payment Card Info After Checking Out
Do NOT let websites like Amazon automatically save your payment card details. While it may make the next buy more convenient, it puts you at risk. A hacker who gains access to your device or account could make purchases – which not only costs you money but can be difficult to explain to a spouse.
There is also the risk of a data breach at the retailer level. Customer data, including payment information, has been stolen from Neiman Marcus, Guess, CVS Health, and Forever 21 within the last three years – let alone the earlier massive thefts from Target, Home Depot, Saks Fifth Avenue, and eBay among others – and these corporations have top-notch internal IT services. Data breaches such as these are more common than you think. The fewer databases you allow to store your payment details, the better for your own Cybersecurity.
ONLY Shop at Sites With ‘HTTPS’ (Emphasis on ‘S’) in the URL
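The standard for websites these days is ‘HTTPS’ rather than simply ‘HTTP’ (the ‘S’ stands for Secure). HTTPS means that a website encrypts the data transmitted through the site, such as your name, address, and payment information. Another ‘secure’ indicator is a small lock icon in front of the website address. Keep in mind that HTTPS and the lock only tell you the connection is encrypted, not that the site belongs to the retailer you think it does, so still check the URL.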
Double Check the Site URL
We all make typos from time to time, especially when typing on a small smart phone screen. One typo can land you on a copycat or ‘spoofed’ site.
Cyber crooks buy domains that are close to the real ones for popular retailers – usually with just one misspelling (such as Amazonn.com), or an incorrect suffix – ‘dot net’ instead of ‘dot com.’ In the IT Services and Hardware business, phony purchase requests come through from universities and various types of schools, like ‘UCLA.gov’ which is wrong – it should be ‘UCLA.edu.’ Then, they put up the copycat sites to fool users and they use these sites in phishing emails.
Before you start clicking away on items you want, take a few extra seconds to actually read the URL and double-check that you’ve landed on the legitimate website.
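The check described above can also be automated. The following is an added example, not part of the original article: it compares the domain in a URL against a short list of sites you actually use and flags the two tricks mentioned here, a one-character misspelling and a wrong suffix. The TRUSTED list, the function names, and the sample URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of sites the shopper actually uses (constructed for this example).
TRUSTED = {"amazon.com", "target.com", "ucla.edu"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registered_domain(url: str) -> str:
    """Last two labels of the host, lowercased. Simplification: a real tool
    would consult the Public Suffix List to handle suffixes such as co.uk."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    return ".".join(host.lower().split(".")[-2:])

def classify(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', a 'lookalike of ...' warning, or 'unknown'."""
    domain = registered_domain(url)
    if domain in trusted:
        return "trusted"
    name, _, suffix = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_suffix = good.rpartition(".")
        if name == good_name and suffix != good_suffix:
            return f"lookalike of {good}: wrong suffix .{suffix}"
        if suffix == good_suffix and edit_distance(name, good_name) == 1:
            return f"lookalike of {good}: one-character misspelling"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs, including the two lookalikes named in the text.
    for sample in ("https://www.amazon.com/deals", "http://Amazonn.com/sale",
                   "https://ucla.gov/purchasing", "https://amazon.net",
                   "https://example.org"):
        print(f"{sample:32} -> {classify(sample)}")
```

A result of "unknown" only means the domain is not on your list and not an obvious near-miss of anything on it; it is not a sign that the site is safe.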
Never Use Public Wi-Fi When Shopping Online
Whenever you connect your device to public Wi-Fi, it’s like leaving all your house doors and windows open for burglars. Crooks love the holiday shopping season because people tend to be in a hurry. They hang out in popular public or free Wi-Fi spots – like outside of a Starbucks – and scan for suckers.
They spy on the activities of other devices connected to that same free hotspot. This can give them access to everything you type in, such as passwords and credit card information.
No matter what time of year it is, the best rule of thumb is to NEVER shop or engage in business on free or public Wi-Fi. Switch the Wi-Fi OFF and use your mobile carrier’s connection. If your device is company owned, your IT services team should have put in strong Cybersecurity safeguards – but these will not protect you when you go on public Wi-Fi.
Be On High Alert for Brand Impersonation Emails & Texts
During the holiday shopping season of 2022 there was a 397% increase in copied (spoofed) domains connected to Phishing attacks.
While you always need to be watchful for phishing scams, during the holiday season it’s like blood in the water for cyber sharks. Scammers know that you are expecting to see retail holiday sales emails. As a result of online shopping, you will also get plenty of order confirmations and shipping notices – all of which can be spoofed and loaded with malware.
Hackers already have pre-made templates for phishing emails, impersonating brands like Target, UPS, Amazon, FedEx, and others. Their emails look nearly identical to the real thing. The trick is to get you to click on a link, open an attachment, or log onto a malicious website.
Check Your Accounts & Enable Banking Alerts
This is the standard due diligence you should already be doing on a regular basis. Check your bank and credit accounts for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.
Conclusion
Unless all your devices are looked after by a qualified IT services crew, take the time for these extra steps. It’s your money – don’t just hand it over to crooks. You might as well throw your cash out of the window when you drive home from the mall.
Frequently Asked Questions
Are Wi-Fi hotspots safe to use?
NO.
NEVER.
EVER.
Wi-Fi hotspots are always unsecured. They may be fine for casual web surfing or texting but be aware that crooks lurk in those little network bubbles. Do NOT transfer sensitive personal, financial, or business information.
Does opening a suspicious email do anything?
As of today, simply opening a suspicious email cannot compromise your data, but do not expect this to remain true. Using Pegasus Spyware, crooks can already hack into smart phones without the victim clicking or opening anything. CNET has published a rundown of Pegasus.
Are wallet apps safe?
While the saying that ‘anything can be hacked’ remains in effect, the answer today is yes. Card information loaded into a wallet app is encrypted and tokenized – vastly more secure than direct card-to-retailer methods of payment.
Which digital wallet is most widely accepted?
Without recommending one over another, Venmo, which is a subsidiary of PayPal, has the most users at 83 million.
How secure is your network?
As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.