This is set to be another big year for online holiday shopping.  COVID-19 has focused more shopping to online sites as customers — scared of infection transmission or just frustrated with social distancing, limited store hours, and waiting in lines – flock to online retailers for their holiday spending.  Cybercriminals are all too aware of these facts, and they are stepping up their game this holiday season to steal your money, data, and identity.  

Black Friday and Cyber Monday, often referred to with just the acronym BFCM, is one of the most anticipated shopping times of the year, and consumers must shop smart and keep cybersecurity at the top of their minds to protect themselves.

Be Wary of Unknown Links

Understand URL's

Understand how URLs are formed so that you can identify fake links. Criminals will often embed a legitimate URL under a fake domain or use similar domains with only a slight change in spelling. There are two crucial factors when it comes to URL’s that people need to be aware of:

  • Subdomain vs. Domain; and
  • HTTP vs. HTTPS protocol

But before the differences can be explained, it is vital to understand the components of a URL. Doepud has a great breakdown on this topic.

Check Out as a Guest

When checking out, check out as a guest. Do not sign in using email, social media, or other methods. If PayPal is an option, use that in order to limit the amount of personal or credit card information exchanged or stored with sites.

Each site storing your personal information is another avenue of attack for cybercriminals. Limiting your information to a few payment sources will make it easier to secure your information and easier to change it if it is exposed.

Update Passwords and Secret Questions

Ensure that you are using unique passwords for each account.  Use a secure password manager to keep track of the credentials associated with sites and systems.  Next, make sure that the answers to your secret questions are not things that could be discovered through public searches online.  Some secret questions ask about your background or previous places where you have lived.  These facts can be easily gleaned from public databases, so you should choose other questions.  

If you are unable to select more secure security questions, establish a set of alternative answers for these questions and store these in your password manager for easy reference.  For example, if the question is which street your first house was on, answer with the first repair you had to make or your favorite thing about that house instead. 

Monitor Accounts

Set up alerts through your bank and make sure you are monitoring your accounts regularly for any suspicious activity. Beware of any phone calls regarding fraudulent activity that require you to provide additional information, such as social security number, bank account information, or date of birth, to confirm it is you. This is called social engineering, a deceptive method used to get people to divulge confidential and personal information for fraudulent purposes.