Keep your info safe while holiday shopping.
It’s the most wonderful time of the year. Folks who love to shop wait all year long for Black Friday and Cyber Monday. But there’s someone else who’s been waiting for those celebrated shopping days, and he’s not out to make your holiday season more jolly.
“Black Friday and Cyber Monday are considered open season for hackers and cybercriminals. They’ve been gathering data all year about how to spoof you and their attempts will be very realistic,” said Steve Durbin, managing director of the Information Security Forum.
Dan Lohrmann, CSO and chief strategist at Security Mentor, added, “While there will be plenty of great deals this holiday season, there are a few things that consumers need to keep in mind as they jump into the fire which pertain to the security of their personal data.”
Many of us have an annual ritual that includes sitting at the Thanksgiving table, surrounded with ads and making a game plan. But there’s another pre-shopping activity you need to add to the tradition.
“Before you start shopping, make sure to update your devices,” said Sezen Uysal, software engineer and CEO of Roqos. This may sound like a simple tip, but about 40 percent of users don’t upgrade when they ought to. "Those updates are there to protect you and keep a firewall from those hackers looking to get into your personal data. ”
This way, when you’re out clipping mobile coupons and comparing prices, you’re not exposing your phone to nearby hackers.
All those notifications pinging all night can interfere with your shopping Zen, but Sean M. Bailey, author of Hack-Proof Your Life Now!, says it’s a necessity. “People should take a minute to log in to their bank and credit card sites and add instant notifications or alerts to their accounts. When you do that, you’ll see the activity right on your smartphone and you’ll be able to spot anything suspicious right as it happens.”
Without those alerts, you might not find out if your account has been compromised until it’s empty.
Cash is the safest option when you’re shopping in-store, but it’s not always feasible when you’re doing high-volume shopping (like may be the plan for Black Friday). But instead of reaching for your debit cards, put your purchases on credit.
“Debit cards pull directly from bank accounts. If something happens to compromise a debit card, the consumer's bank account is likewise compromised, and that could have a disastrous ripple effect (bill payments, mortgage payments, money for groceries, etc). Even if the monetary loss ends up being temporary, it's still much more difficult to deal with while it's happening,” said Gretel Egan, eLearning and marketing content manager for Wombat Security.
Credit cards provide an important layer of insulation for consumers in the event of identity theft or fraudulent purchases, which makes them a better choice for in-store and online purchases.
In the midst of shopping excitement, it might not occur to you to be wary of the cashier at the store or the server bringing much-needed coffee, but anyone can be up to no good, and it’s important to keep your guard up.
“Skimming continues to be a threat, particularly at restaurants, small retailers and gas stations,” said Tim Francis, cyber enterprise lead at Travelers.
A skimmer is a small device that can scan and store credit card data from the magnetic stripe. Criminals and rogue employees can install skimmers on a business’ legitimate credit card machine, or employees may keep them out of sight of customers.
"Information from cards that are run through a skimmer can be sold over the dark web or used by the individual that stole the information,” Francis warned.
Francis offered tips for keeping yourself safe from skimmers, including keeping your card in sight at all times, not letting anyone walk away with your card, and looking for attachments on credit card machines. If you ever feel like your card might be at risk, simply leave—or pay in cash if it’s something you just can’t live without.
Most people don’t record their credit card company’s fraud security number anywhere. Why would you? It’s right there on the back of your card.
But what if your card is lost or stolen and you need to act quickly? “Keep a note of your card issuer’s fraud line number so if your card is stolen, lost or misplaced, you can call them directly and limit the exposure,” said Durbin.
If you install your credit card compay's official app on your phone, you can generally find that number there as well.
Pretty much every large grocery store has rack upon rack of gift cards for sale these days. Prior to Black Friday, stock up on gift cards for the stores you plan to shop. “Gift cards are great to purchase because they usually don’t expire and can be used for a variety of purposes,” said Ryan Merchant, of Dashlane. Not only does using gift cards keep your credit card info out of the mix, but you may even earn rewards at your local grocery store for buying them—it’s a win-win for all savvy shoppers.
But heed this warning: Only purchase gift cards from reputable stores. Gift cards purchased on online selling sites may be fake or not be worth the promised value.
We know! Your cellphone data is precious, which is why the allure of public Wi-Fi is so strong. But public Wi-Fi networks aren’t encrypted, so any hacker that knows his stuff can access your info if you’re making purchases over Wi-Fi. Wait until you get home to make purchases, or connect to a secure network.
If you simply must connect to public Wi-Fi, make sure to mark the network as public on your device and ensure file sharing is turned off.
It’s important to make sure your computer is secure before you begin your online holiday shopping excursions. Uysal warns that not all security software is created equal, so pay attention to what yours offers. “Be sure to look for features like firewall protection, anti-virus, emergency security, password protection, scans of social channels, and the ability to flag websites that tend to contain viruses,” he explained.
Even if you trust your security software, it won’t do any good if it’s out of date. “If you are shopping online, be sure that you security software is up-to-date and check that both your firewall and antivirus is working,” said Durban.
It seems like new retail sites pop up like prarie dogs during the holiday season, some with prices that seem just too good to be true. Wombats Security’s Egan says sites that seem too good to be true, might just be.
“This is the prime time of the year for bargain hunters—and cyber criminals know that as well as anyone. Many great sales and deals are legitimate, but many aren't,” she warned. “Shoppers should research deals and restrict their purchases to known, trusted outlets, and they should access ecommerce sites through known, trusted web addresses rather than emailed or posted links.”
Once you’ve entered your purchasing info into a website, it’s out there. For that reason, it’s important to only shop on websites that are secure. “Shop from websites that start with ‘https://’ as these sites are much secure and encrypted,” advised Haris Mumtaz of PureVPN. Those sites display a locked padlock symbol next to the URL.
And don’t just check that the site is secure when you first arrive. Some sights encrypt only the sign-in page, meaning the rest of the site is not secure. Check your browser bar each time you click to make sure your info is still safe.
It may speed up the checkout process, but don’t store your credit card info on your phone, computer, or at any retail sites, advises tech expert Neill Feather, board member of the Online Trust Alliance and president of SiteLock.
“Enter it manually every time. Yes, it takes longer but cleaning up after a data breach and potential identify theft will take much longer,” he said.
You know what information is normal for a retail site to ask for. We don’t blink an eye when they want our name, address and credit card info. If they ask for any more than that, such as your birthday or social security number, don’t hand it over. That information, coupled with your address and credit card info, is all a cyber-criminal needs to take over your bank accounts—and maybe more.
Your emails and texts on Black Friday and Cyber Monday can be treasure trove of deals, steals and amazing coupons, but be careful what you’re clicking.
Jason Glassberg, co-founder of Casaba Security, says phishing emails are likely to be one of the biggest risks to shoppers this year. “Be on the lookout for legitimate-looking emails that offer special deals and discounts on popular items, canceled payment alerts, overdraft alerts, failed delivery alerts, and change-your-password alerts,” he warned. “Criminals will spoof the email address or use a similar-looking domain so you have to look in the actual email header to determine if it's legitimate.”
“Cyber thieves engage in extensive phishing schemes around these dates and often direct consumers to fake versions of major retailer sites in order to lure consumers into entering their card information” added Ben Woolsey, president and general manager of CreditCardForum.
This is why it’s very important not to simply click on links within emails appearing to come from retailers with discount codes or from coupon sites. You should always go directly to the retailer site and enter any promotional codes from there if obtained elsewhere.
All of this info may sound scary, but it's designed designed to keep you safe during these days of hot deals. Following these precautions, you can do you holiday shopping in-store, online, or both, and be confident in knowing that your info is secure.
“There is definitely more opportunities for criminals to steal your information during the holidays. In addition to the sheer volume of added shoppers, many are in holiday mode, focused on what they are setting out to buy and overwhelmed by the season. Don’t let this happen to you!” added Francis.