With COVID-19 lockdowns appearing in many jurisdictions over Black Friday (and much of the run-up to the holiday season), online shopping is expected to shatter records once again this year. Count on cyber criminals to be on the lookout to try to take advantage of the situation.
In part I of this Black Friday Cybersecurity series, we look at how shoppers can stay protected. Here’s a handy list of the top ten ways you can defend yourself while shopping online.
1) Practice good device hygiene: We’re not just talking about Lysol wipes here! Make sure your mobile phone, tablet, and computers are fully patched to the latest versions before you start shopping. Same goes for your browser. Make sure your privacy settings are correct and, if your device supports it, consider setting up biometric or multi-factor authentication to provide an extra layer of defense.
2) Passwords: Is this the year you finally move to a password “locker” application on your phone to strengthen and protect your passwords? Seriously consider it. But no matter how you keep track of them, make sure your passwords are unique across online stores (reusing passwords multiplies your exposure if any one of them is compromised), make sure they’re complex, never share them with others, and don’t write them down on a sticky note at your desk!
3) Be wary of public Wi-Fi: If you are able to find public Wi-Fi – avoid using it for financial transactions unless you have VPN software installed. If you must conduct a financial transaction while on the go, consider briefly switching over to your data plan first, to avoid sending your credit card number and other personal details across a potentially unsecured Wi-Fi network.
4) Be extra cautious about phishing: Fake emails (and texts) with deals, discounts, and offers may be coming to your inbox during the sales. Watch for the usual red flags like misspellings, faulty grammar, or strange formatting. Make sure to “hover” over links to validate that they are going to the expected destination, and don’t click on anything that looks suspicious or too good to be true. If you are interested in an offer, consider surfing directly to the shopping site without using the link – this will give you a chance to investigate the bargains independently.
5) Be extra cautious about surfing: If you’re not shopping on a well-known, reputable e-commerce website, do a little extra research to make sure the online vendor can be trusted. Check the “Contact Us” page – if they don’t provide clear customer service contact information and phone numbers, that could be a signal that it’s a phony site looking to harvest your credit card information. Read independent customer reviews. Use the same measures to protect yourself before making a donation online as well. Be cautious about using any of the myriad “coupon” sites on the Internet – many are fraudulent, and their links may take you to spoofed websites instead of the real thing. Finally, if you decide to conduct an online transaction, make sure that your browser session is secured with an “https” connection before you enter any personal details.
6) Debit vs. Credit: While some will argue that using a debit card helps control spending, using a credit card will offer you faster protection in the event that your card is compromised or stolen. Disputed credit card transactions can often be reversed in a day or two, while debit card transactions can take weeks to sort out – and you’ll be without access to those funds the whole time. While there is typically a spending limit on a credit card, your debit account can be drained and put into overdraft unless you are protected. Consider using a low-limit card or account exclusively for online transactions to limit your financial exposure, or look at a third-party payment platform like PayPal or ApplePay to limit your data exposure.
7) Freeze your credit: If you’re in the United States, and you’re not planning on getting any new credit cards or loans, consider seeking a “credit freeze”. This will prevent someone else from impersonating you to open fraudulent accounts or credit instruments. Unfortunately, this feature is still not available anywhere in Canada (as of 2020). “Credit alert” or monitoring systems are available in Canada and the United States – usually at a fee – but are only “reactive”. In other words, by the time you find out that your identity has been impersonated after the fact, the damage may have already been done.
8) Check your credit scores and ratings: Visit the rating bureaus in your jurisdiction at least annually to make sure the information is correct. It’s often worthwhile requesting a credit report from more than one provider – while the information should be the same, it may not be. This will allow you to seek corrections on out-dated or invalid information, and give you a heads-up if an unauthorized account has been set up in your name. In Canada, visit Equifax or TransUnion to request your free reports.
9) Check your online balances: Use your institution’s website or app to verify statements, transactions and balances frequently. Purchases will hit your card within seconds; if you check your balance regularly, you may be able to identify and challenge illegitimate or unauthorized transactions sooner. This will let you put your card on hold and seek a replacement before further damage can be done. Some financial institutions have spending Be sure to check credit card, debit card, and third-party (e.g., PayPal) transaction histories to keep tabs on your seasonal spending.
10) Minimize your footprint: Limit the amount of information you share online with the online stores and shopping platforms. Use a guest account for a one-off transaction, instead of creating an online profile with personal information and credit card details that could be stolen if the vendor ever has a data breach down the road. They can’t steal your data if it isn’t there in the first place.
Do you have a favourite tip or word of caution that’s helped you with your online shopping? Contact ISA to share your experiences and keep the conversation goin