While the offers and deals of Black Friday and Cyber Monday can be irresistible, consumers cannot forget about safeguarding their sensitive financial data. No discount will end up being worth it if the transaction leads to some cyber-thief in Russia emptying your bank account a few hours later.
“Consumers need to be diligent during the holiday shopping season,” said Caleb Barlow, vice president of IBM Security. “Cybercriminals are trying to entice consumers to click suspicious links by offering deals and tapping into their curiosity. It’s all about following some security basics to keep shoppers safe this shopping season.”
A lot of the steps to take are common sense. To help consumers make the best choices, IBM Security provided the following list of tips to remember before you click.
- Beware of Unexpected Package Tracking Emails: Be cautious of unsolicited emails. IBM X-Force has identified massive campaigns distributing Locky Ransomware. At one point, the campaign was 45% of all spam activity analyzed by the team.
- Caution with Coupon Codes: If the discount looks too good to be true, it likely is. Promo codes from untrusted sources require caution. Don’t click links to copy the code; instead, copy it and use it directly on the retailer’s website (even if it’s a retail brand you trust). If you MUST click a link in your email, before doing so, hover over the URL and make sure it’s taking you to the website.
- Opt for Credit Over Debit Cards: Use credit cards instead of debit cards, when possible. Credit cards offer consumers more protections if the card is compromised, and won’t impact your checking account during the holiday season if there’s an issue.
- Use Unique Passwords for EACH Online Store: Never reuse the same password on different websites, especially retailers. Instead, create a unique passphrase for each website you shop on, for example, something like “longpassword123”. The same goes for loyalty cards: create a unique password for these accounts too.
- Shopping From The Office? Don’t use your corporate email address when making online purchases, and never ever use the same password you do for your corporate login. It will put your employer at risk.
- Only Use Trusted Apps: Only download shopping apps directly from the trusted app stores such as iTunes and Google Play. Be especially careful of discount deal apps, especially ones you’ve never heard of. Before downloading the app, check the number of reviews and ratings. If it doesn’t have any reviews or ratings, or a very low number, don’t download it. It might be fraudulent.
- Use A Special Shopping Email Address: Have a separate email address for shopping or deal websites. It’ll help you identify sneaky spam that might bypass spam filters and protect your trusted account.
- Don’t Save Your Info: Never save your credit card information in retail sites and web browsers. It might make purchases faster, but it could put your card number at risk if the retailer is compromised.
- Consider One-Time Use Credit Cards: When buying from a non-trusted or entirely new retailer, you can avoid putting your personal credit card data at risk by acquiring one-time use credit cards from your bank or pre-paid credit cards. You could also purchase gift cards directly from the retailer you’re planning on shopping with.
- Get Creative With Password Reset Questions: When filling out account information, opt for the password reset question that isn’t public. For example, don’t use the street you grew up on, as it could be found online. Instead, pick something that can be an opinion question (favorite movie, food, etc.). Alternatively, you can even make up your answers, so only you know.
IBM isn’t the only firm trying to help customers stay safe over the next few days. Ernst & Young has also urged its clients to exercise caution before they buy anything online.
“Credential harvesting and electronic social engineering — e.g., phishing — are still the top techniques used during any electronic attack; that is why it is very important to safeguard your information and reset your passwords during the holiday season,” said Chad Holmes, principal and cybersecurity leader at Ernst & Young LLP.
He added that, “Cyber Monday is a perfect annual reminder for people to update their cyber security hygiene like passwords to ensure they provide a strong defense against attacks from cybercriminals.”
The following list of tips to remember was provided by EY.
- Always vary your passwords: Having the same password for social media accounts, bank accounts and online shopping sites is common practice, but a criminal cracking the code in just one of those places leaves a consumer’s entire identity at risk.
- Keep your passwords strong: Password or ABCD1234 won’t fool anyone. Worried about forgetting multiple, complex passwords? Use a password manager/aggregator. Just remember to keep the master password strong.
- Don’t take shortcuts: Holiday ads appearing around the web, including on social media sites, normally have malicious activity hiding behind that link. It may seem convenient to click on an ad, but it’s safer to go directly to the site where you want to make a purchase.
- Be suspicious: Don’t remember spending $5 at that coffee shop? Chances are, you did not. Hackers often spend small amounts on stolen accounts to see if the victim will notice. Report any unusual activity immediately and watch your account activity very closely during the holidays.
- Make sure your device is sound: It’s important to have up-to-date anti-virus software on your computer and use private browsing features when shopping online. If you’re updating or buying software for the first time, always go directly to the provider site. Fake security software is a common hacker ploy.
- Never give out personal information: You don’t need to give your social security number to buy a pair of jeans. If a website ever asks for this type of information, steer clear.
- Make sure the retailer has done its part: If you don’t see a lock icon in the URL of the website you’re shopping on, you should not be shopping there. A lock in the URL indicates the website is encrypted.