Cybercriminals love things like Cyber Monday, online shopping, and they work hard to cook up schemes and get rich off the large number of online shoppers. This year, that risk will be even larger, due to the shortage of some popular items and the supply chain challenges and shipping bottlenecks across the globe. It is likely that cybercriminals will target shoppers who are looking for these hard-to-get gifts.
At American Pacific Mortgage, we know how important cybersecurity is and have put together tips on how to avoid falling victim to scams and cybercriminals while you are shopping online for your holiday gifts. We don’t want your holiday spoiled by an identity thief or finding that your bank account has been drained—or that a cybercriminal has run up thousands of dollars on your credit card!
As you make your online purchases, stay safe by following these simple safety tips.
Check Your Devices
Make sure your devices are up to date with recent security patches before you shop online! Never put off computer or mobile device security updates. Where possible, set up your devices to auto-update their operating system software! Also make sure you have an active antivirus software running on your devices to help protect you.
Use Unique Passwords for Every Site You Visit (or Don’t Create an Account at All)
Passwords are a hassle, and so is trying to remember them for the numerous online accounts most consumers have. If you’re shopping at a new retailer, the first tip is to check out as a guest. If you do create an account, make sure you are not reusing a password. If that account gets breached by a criminal, and you are using that same password for other online accounts, the criminal will try to use it on other websites to access other potential accounts you may have. It’s also a good idea to decline to save your credit card information on a retailer’s site to keep yourself even safer.
It’s a good idea to use a password manager to create and store unique, hard-to-guess passwords. A password manager can autofill your password for you when you want to shop. Passwords should be as long as possible and contain a mix of upper- and lower-case characters, numbers, punctuation and symbols. Also use MFA (multi-factor authentication) if available to secure your account even more.
Shop Only Through Trusted Sources
Stick with retailers you know and trust. Bookmark their sites to go there directly rather than clicking on offers in ads, emails, or text messages. That will keep you safe from cybercriminals who create realistic-looking fake stores designed to look just like the sites of trusted retailers.
Make Sure the Sites Are Secure
If you’re sticking with well-known retailers, their sites should be secure. But if you’re shopping at smaller or independent shops, look for a little lock icon in the top-left corner of your browser bar when you’re on the site. A secure site’s URL should start with HTTPS and not HTTP. (You might have to click on the URL to see it.) Secure sites use SSL (Secure Sockets Layer) encryption to keep data in transit hidden from hackers. If the site is secure, it’s OK to enter your payment information and order your items.
Search for Deals on Retail Sites, Not Search Engines
Scammers “poison” Google and Bing search results with malicious or deceptive links. Searching for the best iPad deals? Go to Best Buy, Amazon, or GameStop and use their in-house search engines instead of Google.
Learn to Spot Holiday Shopping Scams, and Don’t Fall for “Too-Good-to-be-True” Deals
Cyber Monday features a lot of incredible, legitimate deals offered by trusted retailers. But cybercriminals will prey on shoppers’ desire for the lowest prices and will try to slip in a lot of fake deals. Watch out especially for emails, text messages, pop-up browser windows, and Facebook and Twitter posts promising fantastic savings, especially if the link is a shortened URL—you really don’t know where those will lead you. Clicking on links in the messages or posts could lead to scams, phishing sites, or sites distributing malware. And don’t open attachments in emails promising fantastic deals. Stay away from offers and sales that seem too good to be true.
Watch Out for Clones
This may seem obvious, but you’ll want to check each retail website’s address, aka URL, in your browser’s address bar. Cybercriminals who want to steal your credit card number or personal information will “clone” well-known shopping sites and park them at web addresses that are often just one mistyped letter away from the real thing.
Don’t Shop on Public Wi-Fi
Shopping online from your laptop, tablet, or phone while connected to public Wi-Fi can open the door to hackers. Public Wi-Fi connections are often unencrypted and unsecured, leaving you vulnerable to a man-in-the-middle (MITM) attack that could allow a scammer to grab your name, address, credit card number, and other personal information. If you must shop on public Wi-Fi, use a virtual private network (VPN), which creates a “tunnel” that allows you to transmit your encrypted data securely.
Review Credit Card and Bank Statements Regularly
Malware can infect credit card readers in stores as well as online retail websites, and unscrupulous cashiers sometimes steal card numbers as well. Glance over the transactions, make sure the amounts are correct, and look for fraud. If you find a transaction that doesn’t match your purchases, your account may have been compromised. If so, call your bank or card issuer right away. Federal law offers plenty of protections for fraudulent transactions. But in order to benefit, you need to see and report the fraud in a timely manner.
Written by: Michele Buschman, Chief Information Officer, American Pacific Mortgage