Shop - Shopping Bags with gifts

It’s no secret that cybercriminals look for easy targets. As we prepare for Black Friday, Cyber Monday and the e-commerce-heavy holiday season in general, there is no shortage of opportunities for criminals to benefit when online shoppers let their guard down. We’ve written about this before, but as the times change, so do the threats, so we’ve updated our guidance so you can shop safely this holiday based on the top threats we’re seeing today.

This time of year can be stressful. Retailers create high-pressure situations and prey on emotions to drive holiday sales. We all know this, and so do cybercriminals. Attackers bank on it, because they know that the fast-paced holiday sales and limited-time offers can persuade even the savviest shopper to be less cautious than normal about the information they’re revealing. The lure of avoiding the crowds and snagging unprecedented deals is just too good to pass up.

Don’t worry, you don’t need to stop shopping. Just read on for a list of ways you can enjoy the wonders of the Internet while staying safe this holiday season.

  1. Beware of Phishing Schemes
  2. Avoid Unknown Retailers
  3. Protect Your Information
  4. Monitor Your Credit and Bank Accounts
  5. Ship to a Secure Location

1. Beware of Phishing

Phishing has become a hugely popular tactic used by hackers and other cybercriminals to steal sensitive information, make fraudulent transactions, and even hack accounts using stolen credentials. This season, there has been an uptick in shopping related phishing attacks, according to Dashlane.

These types of attacks will most likely appear to be from a recognizable retailer or one of your financial institutions and can include anything from a fake issue with a recent order to a billing problem that requires you to re-enter your financial information or shipping address.

As always, we recommend taking a critical look at every email you receive. Look for any issues with the address, numbers or letters that shouldn’t be there, or even compare it to emails you KNOW are legitimate that you have received from that company previously. Hover over links to make sure they’re directing you to the real website, and when in doubt, manually access the website by typing it into your browser. Pause to ask yourself if you’ve actually made a recent purchase with that retailer, or whether it’s just a popular company that many people are likely to have shopped at in the past – hackers use that trick to get people to click on the email without thinking.

The bottom line, is you can’t be too careful, and it’s a lot easier to prevent disaster before you click than after.

2. Avoid Unknown Retailers

This isn’t to say every new store is bad, but there are a lot of pop-up sites designed to steal money over the holiday season by fraudulently advertising the latest technology, gadget or toy. Whether it’s a purchase of $5 or $500, don’t be misled.

Look for authorized retailers for the items you want to purchase by visiting the brand’s website. Make sure that any site involving payment is secure. Check reviews and search the Better Business Bureau or other online reviews when in doubt.

Most of all, if it seems too good to be true, there’s a high probability that it is.

3. Protect Your Information

This is a big one – but it’s also a broad topic. There are several different things you can do to protect your information, but here are a few that make a big difference.

  • Passwords: We’re always talking about the importance of good passwords – and online shopping is no exception. Make sure your credentials are complex and you have changed any passwords that could have been involved in any breaches. Use longer passwords, passphrases and complex characters to ensure your password is difficult to crack. For a refresher on how to create a strong password, read this post.
  • WiFi: Don’t complete any transactions over public or free WiFi. The deal can wait, trust me! It’s not worth exposing your information over an unsecured network. Use a VPN when possible, or wait until you’re on your own secured network.
  • Financial Information: If you get calls or emails purporting to be from your bank or credit card, don’t automatically trust that they’re legitimate. Call the number on the back of your card and ask to speak to the Fraud Department if you suspect a notification you received isn’t legitimate.

4. Monitor Your Credit, Bank and Online Accounts

Many transactions are completed electronically these days, so it’s easy to get a real-time view of your financial accounts. During the holidays, keep a close eye on any connected payment accounts, credit cards or apps used to make purchases. Even if you still receive paper statements in the mail, do you really want to wait until the end of the billing statement to catch fraudulent activity?

Another thing you can do is enable Multi-Factor Authentication (MFA) on your financial accounts, shopping accounts and even shipping accounts such as UPS and FedEx, requiring you to use more than just a password to log in. For more on MFA, check out this blog.

Most financial institutions will encourage you to set alerting thresholds, generating a notification if someone attempts to authorize a charge over a certain pre-determined amount.

Being vigilant and catching issues quickly is the best way to stop damage in its tracks.

5. Ship to a Secure Location

Ah yes, “porch pirate” season is back. Remember the stories from the last few years of criminals stealing packages off of people’s porches, out of their driveways and even mailboxes? Tis the season, unfortunately.

There are a few ways to combat this, and your local law enforcement community may be able to help. In Canton, Connecticut, for example, the police department is allowing residents to safely ship packages to their building and pick them up there. Check with your local police department to see if this option is available to you. Alternately, Amazon is offering services such as their Amazon Locker, which allow you to choose and designate your pickup location. Another option is using the “Ship to Store” feature that many retailers have.

Sure, it’s not quite as convenient, but neither is having your package stolen!

While this isn’t a comprehensive list of all the things you can do to keep yourself safe online (although we do have that), following these tips will help you have a safe holiday season while still allowing you to do your shopping from the comfort of your own home or office.

From all of us at ADNET, we wish you a safe and happy holiday season!