Tech Security Insights


8 Tips for Cybersecure Holiday Shopping

Posted by Tim O'Connor on Dec 12, 2019 9:47:35 AM

The holiday sales season is a boon for many retailers but also for cyber criminals. Many of the things we should do to protect ourselves, our families, and our businesses during the holidays are the same practices we should use throughout the year. However, there are some special concerns around the holidays.

So, let’s make a list and check it twice, then share it with employees and family. 

A brief checklist or easy reference can help ensure you are prepared before and during the holiday shopping craze. Take notes as you read to generate your checklist of things to do or watch for. 

Social Media Deals Might not Ring in the Season 

If you see an online ad, especially one on social media (Facebook, etc.) or a click-bait website (a website that publishes frivolous articles and is full of ads), and you’re unfamiliar with the company, be very wary! If it is something that you “must have,” spend just a few moments to see if you can find a reputation for the seller. Some quick work with a search engine should be all you need.  

Don’t use a Debit Card to Stuff Your Stockings 

Credit cards will give you better protection from fraud than your debit card. Even better, buy a single-use or “rechargeable” prepaid credit card for your online shopping. Keep the balance on your prepaid card low so that you don’t risk losing your entire holiday budget. Single-use credit cards, also called disposable or virtual credit cards, are easy to get from most credit card issuers. They’re a good choice for any must-have items that you can only purchase from an online or event vendor with an unverifiable reputation.  

Beware of Packages (and Shipping Notifications), Don’t Open Them Too Soon! 

This time of year, most of my purchases will be arriving from UPS, FedEx or USPS. I am as impatient as anyone and I want to know any news about shipping delays ASAP. This can get you into significant trouble. Currently some of the very worst cyber-attacks are ransomware programs that come to you in the form of email attachments. If you open one of these at work, it is likely the entire network will go down and great damage will be done. It’s not so nice when it happens at home either.

One of the most common ways to trick you into opening an email attachment is to make you think it is a legitimate email from a shipper or vendor urging you to open an attached invoice or shipping update. If your company has a Security Awareness program, use its guidance on how to avoid this problem. If not, DON’T OPEN THE ATTACHMENT. Go back to the vendor’s or shipper’s website and get the tracking or invoice information directly from them, not from the email.

Elf on the Shelf is not the Only One Watching You 

Avoid making purchases when using your mobile device on a public Wi-Fi network. If you are using a cellular data connection, that should be fine. You can also use your cell phone as a reasonably secure Wi-Fi hotspot for your non-cellular devices when you are away from the office or home. If you frequently need to use public Wi-Fi hotspots, look into using a VPN service. VPN services are not perfect, but they are likely to make your connection to the internet very secure.

Bad Santa’s Customer Support 

If you get a call from someone claiming to be customer support, ask them how you can call them back. You need to be able to verify that the person calling you is really who they claim to be. Check out the number they give you. Another safe option is simply calling the support number listed on the vendor’s website or associated with your accounts or invoices.

The same advice goes for customer support emails. Examine the email address carefully and see if you can confirm that the query is legitimate.  

That Password Manager is not the Naughty List 

Make certain that your PayPal password and all of your banking passwords are unique. When you set up accounts with vendors (online or otherwise), don’t use the password you used for your bank or PayPal. Having unique passwords is MUCH more important than complex passwords or changing your passwords frequently. Lastly, the password you use for personal email accounts or any email accounts from a “free” service (Gmail, Yahoo, Hotmail, etc.) should NEVER be the same as the password you use for other accounts.

Mr. Freeze the Snow Miser Can Protect You from Identity Theft 

One of the most important things you can do to protect your personal and family assets from identity theft is to freeze your credit with the credit reporting companies. There are lots of misconceptions about this. It does NOT harm or freeze your credit rating. Simply go to the websites of the three credit reporting agencies and ask them to freeze your credit. When you need to take out a loan for a car or house, you just need to unfreeze your credit a day or two before.  

Don’t Fall for the Secret Santa Con-game 

If you get an email from your boss or another employee asking you to buy gift cards for an event, you might be about to fall for a scam. This scam has raked in millions of dollars for evil hackers this year. If you get such a request through an email, pick up the phone, and confirm the request in person. Also, make sure your organization’s Security Awareness program educates everyone about this scam.

I hope you have a great holiday season and that you have a merry time with Santa or at least a blowout party with Krampus. In any case, be cyber safe this season. Use your list and check it twice to see if that vendor is naughty or nice! 
