The global pandemic and economic fall-out has changed nearly every aspect of our lives, and the holiday shopping season will be no different. Instead of going to crowded malls, many will be shopping from the safety of home. According to the National Retail Federation, 73 percent of consumers plan to use their computer or mobile device to research or make purchases this holiday season.
While the increased availability of online shopping may be a lower-risk alternative than going to stores, it also makes it more lucrative for scammers to trick buyers into paying for goods they won’t receive or obtain their personal information for financial gain.
Don’t let cyber grinches wreak havoc on your holidays. Following some simple cybersecurity tips and practices before and while you’re shopping online can help protect you and your family during the holidays and year-round.
1. Think before you click. Beware of ads encouraging you to click on links or that pop up in your social media feeds. If you receive an enticing offer, do not click on the link. Instead, go directly to the company’s website to verify the offer is legitimate.
2. Don’t fall for the mall Santa. Fraudsters often set up fake e-commerce sites this time of year. Prior to making a purchase online, read reviews to hear what others say about the merchant. In addition, look for a physical location of the retailer and any customer service information. If in doubt, call the merchant or store directly to confirm they are legitimate.
3. Beware of naughty apps. According to RiskIQ, a cybersecurity company that keeps a database of blacklisted apps, about 2 percent of the holiday shopping-themed apps out there are malicious. They’re either carrying malware or looking to steal your payment or personal information. Best to stick with the major app stores like Google Play and Galaxy Apps, and only shop using official retailer apps. Also be careful what permissions you grant the apps you use.
4. Use safe payment options. Using a credit card to make online purchases offers consumer protections in case something goes wrong with your purchase or you never receive it. Or, you can use a third party payment service like Apple Pay to pay for purchases without giving the merchant your credit card information directly.
5. Watch what information you share. Be alert to the kinds of information you are asked for to complete your transaction. If the merchant is requesting more data than you feel comfortable sharing, cancel the transaction. You only need to fill out required fields at checkout. Do not save your payment information in your profile. If the site autosaves it, after you complete your purchase, login and delete the stored payment details.
6. Check twice (and more!). Keep a close watch on your bank and credit card statements throughout the holiday season and beyond. Continuously check for any unauthorized activity and alert your financial institution right away if you suspect fraud. Another tip for monitoring activity is to set up account alerts, so you will be notified about certain activity on your debit or credit card, like a foreign transaction or large purchase.
7. Keep a clean machine. Make sure all of your devices are up-to-date and free from malware by running only the most current versions of software and apps. When software providers find out about bugs, they send out patches to fix them. Hackers are constantly on the lookout for old, unpatched systems. So be sure that the operating systems, software and apps on your computers and mobile devices have the latest patches. Install anti-virus programs on all of your devices.
8. Use secure Wi-Fi. Shopping on the go or when waiting in line at the coffee shop may seem convenient, but using public Wi-Fi to make purchases is dangerous practice. Fraudsters can capture your financial and personal information from open Wi-Fi networks. Instead, wait until you get home to make your purchase, use a Virtual Protected Network (VPN) or use your phone as a hotspot.
9. Put your logins on lock down. Create long and unique passwords or passphrases for all of your accounts and don’t use the same login for multiple sites. Use multi-factor authentication (MFA) wherever possible, such as biometrics or a unique one-time code sent to your phone or mobile device.
10. Ship to a secure location. The increase in online shopping has also led to an increase of home deliveries—and with it, a rise in “porch pirates” that steal packages left at mailboxes or doorsteps. If no one will be home to accept a package, consider shipping to your office or another safe place. UPS, Amazon and FedEx all now have shipping lockers available for secure deliveries.
Resources: Consumer Reports, Coresight Research, Lifelock, National Cybersecurity Alliance, National Institute of Standards and Technology (NIST), National Retail Federation, Risk IQ, Safety Detectives, Washington Post