By Kevin Baker
The holidays are upon us and with them often comes a mad rush to “Act now!” to score the best online deals “before it’s too late!”
Unfortunately, competitive, hurried Black Friday-type shopping can translate to distracted shopping, which can translate into a dream opportunity for social engineering. The bad guys want you to be in a hurry. They want you to be distracted. It makes their jobs easier. And they know that the holiday season is a prime time to prey on the unprepared, tricking them into opening phishy emails, clicking on malicious links, or using their phones in other insecure ways.
Secure shopping takes a little bit of work, but the rewards are well worth the effort
While it’s always important to think about locking down your identity online, it’s particularly important over the holidays. So, don’t wait until the middle of the shopping season to change your security practices. Instead, get started now by implementing some security basics. To start:
Slow down. If you’re in a hurry for deals and getting your shopping done early, you may also be in a hurry to get hacked. So, take a beat and be thoughtful about where you shop and what you click.
If a deal looks too good to be true, it most definitely is. Beware of phishing emails and special offers, especially those with a fast deadline to act.
Use good passwords. And by good, I mean new. Billions of passwords have been and will be lost in breaches and thus, the only guaranteed password is a brand-new one. To be on the safe side, update all your passwords before — and after — the holidays.
Whenever possible, use multi-factor authentication (MFA). And if you’re buying from a reputable retailer, you can almost certainly use multi-factor sign-in, such as with Google Authenticator, and have it challenge you every time.
Your phone alone isn’t safe enough for online shopping. Be careful using your phone to shop if you don’t have security applications on it. Better yet, get antivirus and malware protections added to your phone — for example, Trend Micro Pay Guard and IBM Trusteer.
Update, update, update. Most laptops have malware protection, but if you spread purchases across your laptop and phone, make sure both are malware-free and updated to their latest versions. Again, an anti-malware protection program like Trend will see that you’re using two devices and protect across both.
Check the privacy settings of your applications. If you use shopping apps, which I wouldn’t suggest doing because it’s corralling you into a certain set of vendors, you can still remove unnecessary permissions. For instance, why would an online retailer need access to your contacts? Or your camera?
Check for https or the golden lock. If you’ll be entering your information onto any site — whether from your phone or laptop — be sure to look for the https or golden lock symbol, which lets you know it’s encrypted.
Check out as a “guest” instead of allowing retailers to store your credit card information. Or, if you’re going to let a business save your information, let it be via a secure application like Google Pay.
Public Wi-Fi is not your friend. If you don’t have a secure phone, don’t use public Wi-Fi to shop. Or, even if you have a secure phone, try to avoid using public Wi-Fi to shop.
Use a virtual private network (VPN) to protect your data while on another network.
Beware of package tracking scams designed to steal your information or infect you with malware. Chances are, you’ll have packages arriving this holiday season. Before you click on a link to track a package, doublecheck the domain. For instance, if you get an Amazon tracking email, but the domain isn’t amazon.com, don’t click. Humans read in big chunks of information and when something looks familiar, our brains will grab and replace the bad stuff with what’s in our memory. So, take the extra time and go to where you purchased the item to get the tracking information.
The holidays are meant to be a fun, happy, and exciting time. Just don’t let excitement about a great deal overcome caution while shopping.