Black Friday and Cyber Monday are the highlights of one of the busiest online shopping seasons of the year. Whether you’re making holiday purchases or simply looking for a great deal this November, make sure you stay cyber safe. Here are the top 10 tips for protecting your personal and financial information this year:
1. Get patched
Before you even get started, make sure your devices are patched. Consider setting your mobile devices and computers to auto-update to make sure you have the latest protections, otherwise check manually to update your operating systems, applications, and anti-malware solutions to current security levels. It’s not just the peak season for shopping: it’s also one of the busiest times of the year for cyber threats, so it only makes sense to have your defenses in place before hitting the virtual stores.
2. Watch out for fake websites
One common way criminals will trick shoppers into disclosing their financial information is by setting up fake websites. In some cases, fraudsters will clone legitimate websites to trick consumers into thinking they are shopping on a real site, when they are really just being used to harvest login information and credit card numbers. In other cases, new sites are constructed as one-stop shops for particular items: for example, a frequent scam involves clothing, hat, or shoe store portals that purport to offer an amazing array of products – or hard to find items – in all sizes and colours, all at extraordinary prices.
To uncover these bogus sites, carefully check the URL of the website to make sure it’s valid, and verify it against trusted sources of information. Watch for spelling mistakes, links that don’t work properly, or other signs of poor quality that suggest the site may be bogus. Also check the customer service section of the site: often, fake sites will not have an actual phone number, contact address, or other basic corporate information.
3. Watch for phishing scams
Hackers know there are a lot of real discount and incentive offers coming across email this time of year, so they look to sneak in a fake message here or there to trick you. Spoofed ads and bogus package delivery notifications, and phony gift card alerts are crafted to take advantage of potential victims. Pay close attention to any unexpected messages that hit your inbox, hovering over links to make sure that they connect to a real website. Never click on a link that you haven’t verified – you could be heading to a fake website, or unknowingly downloading malware to your device. Check store websites independently to corroborate any special offers or last-minute deals.
4. Beware SMS-based and social media scams
Remember that scams aren’t limited to phishing emails: fake texts and phishing ads in social media platforms are increasingly popular ways for hackers to steal your data. Be cautious about anything that looks suspicious or is too good to be true: if a deal or promotion catches your eye, verify it independently and avoid clicking on any links or opening any ads that have arrived unexpectedly or show up on your social feeds or channels.
5. Check the site is secure
Before considering a purchase or entering your personal information online, be sure to confirm that the website is secure. Look for the padlock icon in the top left corner of your browser bar when you’re on the site, and confirm that the URL for the site begins with “https://”: the “s” in there tells you that the communications between your device and website are encrypted and secured. Some sites now offer two-factor authentication or two-step verification processes before completing your purchases. Using 2FA – often in the form of a password and a text confirmation – will protect your account even if someone has intercepted your password.
6. Avoid using debit cards
Every personal situation is different, but consider using a credit card instead of debit card when shopping online. In the event your information is compromised (despite your best efforts), credit cards typically offer better consumer protections against fraudulent use. Credit card companies are much quicker to reverse charges and block cards in the event your data is stolen; on the other hand, if your debit card is compromised, your entire account could be drained without warning, and it can take weeks to resolve disputed transactions with your financial institution.
Some people even designate a specific credit card as their “online” credit card, giving it a lower limit to reduce financial exposure, and making it easier to reconcile online transactions.
7. Use strong, single-use passwords
If you create any accounts with online retailers, be sure to protect your profile with a strong password or pass phrase. And never, ever re-use the same password with multiple services or websites. This reduces your risk in the event that any one website is compromised: hackers who manage to steal user information from one website will frequently pivot to try and use the same credentials on other websites as well. It’s a fact of modern life that we have lots of passwords: considering using a password manager to keep them all straight. It’s a much safer approach than risking your privacy by reusing passwords. Many of these password managers are free or modestly priced, and can make your digital life a lot easier.
8. Limit the data you share
Some online stores look to create extensive personal profiles of their customers: consider the value you get out sharing your personal details, and whether you feel your retailer needs to have that information. In particular, storing your credit card information with an online store may save you a few seconds when you make a purchase, but also exposes you to potential risk if that retailer is ever hacked. If your online purchase will likely be a one-time deal with a retailer, look to use a guest account for your transaction rather than leaving a digital record behind. And if you decide to stop using a particular retailer or online service, be sure to delete your account with them to limit your exposure and risk.
9. Don’t shop on public Wi-Fi
Now that stores and malls are re-opening, you may be doing some in-person shopping this season. Remember that you should never use public or open Wi-Fi services for financial transactions or accessing other personal information. Public Wi-Fi connections are often unencrypted and unsecured, meaning it’s comparatively easy for hackers to snoop on the information you are entering on your phone or tablet – information includes your email, passwords, credit card info and other sensitive data. If possible, use a VPN on your mobile device to protect your communications.
10. Check for fraud after your holiday shopping
Keep track of your online purchases, and reconcile them back to your online statements and accounts. The names on the detail lines don’t always match the stores exactly, so keeping an independent record of dates and amounts can help you confirm valid transactions – and pinpoint any fraudulent use of your cards. Hackers will usually attempt a couple of small, less noticeable transactions on a stolen card before making a large purchase. Watching carefully for suspicious transactions can keep you out in front of the bad guys.
These tips will help you at the busy shopping time in late November, and will strengthen your cyber defenses year-round. Stay cyber safe!