This is set to be another big year for online holiday shopping. COVID-19 has focused more shopping to online sites as customers — scared of infection transmission or just frustrated with social distancing, limited store hours, and waiting in lines – flock to online retailers for their holiday spending. Cybercriminals are all too aware of these facts, and they are stepping up their game this holiday season to steal your money, data, and identity.
Black Friday and Cyber Monday, often referred to with just the acronym BFCM, is one of the most anticipated shopping times of the year, and consumers must shop smart and keep cybersecurity at the top of their minds to protect themselves.
Be Wary of Unknown Links
This is said time and time again, and people are tired of hearing this advice. The problem is that even the most careful individuals can fall victim to this age-old trick because, over the years, attacks have become more sophisticated.
These links can be hidden in:
- Emails;
- Advertisements on social media; and
- Unsecured websites.
Whether it is an advertisement or sponsored post on social media or a link in an email, always take the time to open a new tab and type the website directly into the URL bar. That includes links in emails from friends and family members as well.
Understand URL's
Understand how URLs are formed so that you can identify fake links. Criminals will often embed a legitimate URL under a fake domain or use similar domains with only a slight change in spelling. There are two crucial factors when it comes to URL’s that people need to be aware of:
- Subdomain vs. Domain; and
- HTTP vs. HTTPS protocol
But before the differences can be explained, it is vital to understand the components of a URL. Doepud has a great breakdown on this topic.
Check Out as a Guest
When checking out, check out as a guest. Do not sign in using email, social media, or other methods. If PayPal is an option, use that in order to limit the amount of personal or credit card information exchanged or stored with sites.
Each site storing your personal information is another avenue of attack for cybercriminals. Limiting your information to a few payment sources will make it easier to secure your information and easier to change it if it is exposed.
Update Passwords and Secret Questions
Ensure that you are using unique passwords for each account. Use a secure password manager to keep track of the credentials associated with sites and systems. Next, make sure that the answers to your secret questions are not things that could be discovered through public searches online. Some secret questions ask about your background or previous places where you have lived. These facts can be easily gleaned from public databases, so you should choose other questions.
If you are unable to select more secure security questions, establish a set of alternative answers for these questions and store these in your password manager for easy reference. For example, if the question is which street your first house was on, answer with the first repair you had to make or your favorite thing about that house instead.
Monitor Accounts
Set up alerts through your bank and make sure you are monitoring your accounts regularly for any suspicious activity. Beware of any phone calls regarding fraudulent activity that require you to provide additional information, such as social security number, bank account information, or date of birth, to confirm it is you. This is called social engineering, a deceptive method used to get people to divulge confidential and personal information for fraudulent purposes.