You better be careful: it’s holiday shopping scam season
It’s always a mad rush to find the perfect gifts in time for the holidays. And like the Grinch who watches Whoville, cybercriminals are watching and they’re ready to take advantage of your rush.
Whether it’s pilferageor deceive consumers by , there is much more at stake than gifts and a roast beast.
This year’s holiday season will likely be trickier than those of years past.forces many people who would normally have gone to malls to shop online. Rather than hand-delivering gifts, they send them to family and friends.
and supply chain issues – short for a plethora of manufacturing and shipping issues – have only compounded this problem. Gifts are harder to obtain and slower to send. In fact, a new CNET survey shows that more than one in five Americans are buying more gifts online this year due to supply chain issues.
The combination of increased online shopping and heightened desperation creates the perfect environment for cybercriminals, who emotionally feed to extract credit card numbers, login credentials, and other personally identifiable information from individuals. consumers.
Buyers facing shipping delays for Christmas, Hanukkah and Kwanzaa will both be more likely to buy from questionable websites and less likely to think twice before clicking on holiday-themed scam emails, says Josh Yavor, chief information security officer at Tessian, a cybersecurity company. .
Like many people, Yavor said he’s struggling to find an Xbox for his child. Phishing emails advertising offers on any of these would be tempting, even for someone like him, he said.
“We’re going to see more and more of them, especially this year with the ongoing supply chain issues.”
Fortunately, a few precautions can go a long way in ensuring that your holiday season stays happy and bright. For example, 52% of online vacation shoppers stick with reputable retailers, according to the CNET survey. Almost 40% said they would use a credit card, rather than a debit card directly linked to their bank account, for their online purchases.
Only 7 percent said they had no intention of doing anything to protect their personal information when shopping online.
Here are some expert recommendations on how to safely shop for the holidays:
Check your list (and your credit card and bank statements) more than twice
Keep an eye on your bank and credit card accounts. This is good not only for security, but also for tracking your spending.
You can make this task easier by limiting your holiday shopping to just one credit card and one email address. It will also reduce the risk of falling into a phishing scam if any of them target your other email accounts.
Do not use your debit card for your purchases. Your bank will help you get money back if your account is compromised, but it’s much easier to waive the charges when a credit card number is stolen.
“The credit card is the most replaceable part of your identity,” said Chester Wisniewski, senior researcher at Sophos.
He added that people should be more concerned with protecting personal information that cannot be changed, such as their date of birth and their mother’s maiden name.
Don’t be a phishers feast
Fraudulent emails were once easier to spot due to too spammy locations or English so bad it embarrassed Google Translate. It’s changed.
Low-cost automated technology can make phishing emails both more natural and contextually relevant. While security technology has also improved, there is little that it can do to stop people from clicking on things they believe are legitimate.
Cybercriminals are also taking a less technological approach by hiring native speakers to draft email templates for them, says Tonia Dudley, phishing expert for security firm Cofense. She noted that a Russian cybercrime gang has gone so far as to hire a native Japanese speaker to target people in that country.
In recent years, some of the most compelling phishing emails have taken the form of shipping notifications with barcodes that appear to be from Fedex or UPS. If you are worried about the authenticity, go directly to the sender’s website and copy-paste the tracking number into it. Don’t click on links or open attachments, no matter how tempting or urgent they are.
Increasingly, fake shipping notifications are coming in the form of texts, says Brian Wrozek, chief information security officer at cybersecurity firm Optiv, who adds that many people are less skeptical of with regard to texts as e-mails.
“For some reason we’re all more comfortable with what shows up on our phones,” Wrozek said. “It’s like they’re texting it, it must be legitimate.”
Is this really Santa Claus? Or just the Grinch in disguise?
Of course, you can google if the major retailers don’t have what you want in stock, but make sure you’re dealing with a legitimate business. Be especially skeptical of the ads that appear in your social media feeds touting amazing, limited-time offers.
As the saying goes: if something sounds too good to be true, it probably is.
While we all want to support small businesses, especially during tough times, limit the amount of your personal information you give them, advises Wisniewski. A family store can be well run, but it’s unlikely to have the cybersecurity protection of a big box store.
The elf on the shelf isn’t the only one watching, but does it really matter?
The internet has changed a lot in recent years. Any site worth its salt is now encrypted, which means that if someone intercepted your web traffic, for example by connecting to the same Wi-Fi as you at the neighborhood cafe, it would be scrambled and useless.
For this reason, many security experts claim that a virtual private network (VPN), which hides people’s locations in addition to encrypting their data, is overkill for most people.
Wisniewski says taking basic cybersecurity precautions, which you should do year round, is all you need to avoid a visit from a cyber Krampus.
Make sure your devices and online accounts (bank and credit cards, email, social media, shopping website logins, etc.) are locked before you start buying. Update your operating systems, antiviruses and all your applications.
Strong and unique passwords for all online accounts are essential. If you need help, use a password manager. Two-factor authentication, which requires a second identifier such as a biometric or push notification sent to your phone, should always be enabled when available.
If you’re worried about the safety of free internet at your local store, use your smartphone’s cellular connection instead. It’s much more secure than any Wi-Fi connection.