It's the most wonderful time of the year again! Even with some of the best deals from Black Friday, Small Business Saturday, and Cyber Monday behind us, cybercriminals are not pulling back on the reins - they understand millions of people are still shopping online for deals, or avoiding crowded stores and long lines. The following tips could help you stay safe while shopping online during the holidays.
1) Do your homework
Most people have a list (and check it twice) or a good idea of gifts they will purchase during the holiday season. Knowing what gifts you want to purchase may also provide other valuable information - specifically the cost. While millions of people scour the internet during Black Friday and Cyber Monday looking for the best deals, be aware that if you find a deal which seems too good to be true, it may be a scam.
Many sites like Amazon and eBay are platforms for smaller, legitimate businesses to resell their products, but do your homework and research a third-party seller. Fortunately, Amazon and eBay provide links to more information about a third-party seller, and reviews from other buyers. A couple of things to look for:
- Feedback/Reviews - check for low ratings or a low number of reviews.
- How long have they been in business - a new seller (within the last 6 months) with great deals could be a red flag.
2) Type in the URL
During this time of year you may receive numerous emails with offers for great deals. Unless you are 100% confident of where the email came from, you should never click a link or open an attachment. If you have even the slightest doubt, type in the URL.
3) Avoid using public Wi-Fi for shopping
While convenient, the use of public Wi-Fi for shopping or even logging into personal accounts is never recommended and you should never make purchases while on public Wi-Fi. If you cannot wait to buy that perfect gift until you are home and on your secure network, the following tips may help keep you a bit more secure:
- Use a Virtual Private Network (VPN)
- Do a quick look around - if you see a Wi-Fi connection using a store name (e.g., AppleStore, BestBuy-Guest, PublicWiFi-ATT), verify you are near the store listed.
4) Make sure the site is secure
Before entering your personal or financial information, you need to ensure that the site you are on is legitimate and can be trusted. When visiting a website look for the “lock” symbol. The lock icon might appear in the URL bar or elsewhere in your browser. Additionally, check that the URL for the website has “HTTPS” in the beginning. These both indicate that the site uses encryption to protect your data.
5) Never save your information
Never save usernames, passwords, or credit card information in your browser, and periodically clear your offline content, cookies, and history. Additionally, when shopping online, consider checking out as a guest user rather than creating an account, as well as utilizing your private browsing feature. For instance, Google Chrome’s Incognito Mode won’t save any of your browsing history, cookies, site data, or information you enter on forms. While the convenience of online shopping is unparalleled, never let this convenience override your security best practices.
6) Use strong passwords
Updating and enhancing your passwords is a cybersecurity best practice as old as time itself, and creating unique passwords is arguably still the best security when it comes to protecting your personal and financial information. If you utilize the same password for multiple sites, you are setting yourself up for disaster. If you have difficulty creating a large number of unique passwords for all of your information, be sure to take advantage of password generators and managers, which not only develop more complex passwords but also allow you to store them securely.
Always utilize strong passwords and consider setting up Multi-factor Authentication (MFA). This is as simple as receiving a text or code that you need to type in while signing on to a system. Oftentimes within the account preferences of your device, you can set up an Authentication Application.
7) Update your devices
One of the most important and easiest actions you can take to protect yourself is updating your devices. When a new patch or update is released, it is typically done to address security vulnerabilities and to prevent cyberattacks from exploiting them. While the task of updating your device(s) may not be atop everyone's fun list, the benefits could be the difference between spending time on the phone with your bank or credit card company disputing fraudulent charges, or enjoying the holiday season.
A little time upfront may save you a lot of time and stress later on!
8) Guard your card!
When you are shopping online it's always best to use a credit card or another payment service like PayPal. Unlike debit cards, credit cards offer more protection and less liability if your information were to be compromised. Credit card companies are also able to reverse transactions when notified of fraudulent charges, and hopefully, further investigate incidents.
Unfortunately, since debit cards are linked directly to your bank account, they pose a much greater risk if a criminal were to obtain that information, and you may have to wait days or weeks for charges to be reversed and funds to be restored.
9) Check your stockings...and statements!
Regardless of whether you use a credit or debit card for purchases, you should frequently check your statements. If you notice any charges you did not make, notify your bank, credit card company, and in some cases law enforcement, immediately. Never wait to dispute fraudulent charges.
Similarly, this may be a great time to check your credit report to ensure nothing out of the ordinary is happening. Make sure your data is not an unintended special gift to a cybercriminal this season.
SANS Additional Resources
The SANS Institute provides additional information including checklists, videos, and even some catchy jingles! https://www.sans.org/mlp/secure-the-family/