Cybercriminals are opportunists, and every holiday season Black Friday and Cyber Monday kicks off a rush of online purchases. Hackers know this and look to exploit the less tech-savvy and impulsive shoppers in the process. This year, the Cybersecurity Infrastructure Security Agency (CISA) warns shoppers to be on guard. Here’s how to shop safely online and protect yourself from online scams.
CISA has launched a dedicated website for holiday online safety tips, and has three main best practices:
- Check your devices
- Only shop through trusted sources
- Use safe methods for purchases
Check Your Devices
CISA advises shoppers to make sure that the device that they intend to use to shop online is up-to-date. This includes ensuring that the apps and the operating system are current. Next, make sure that account credentials are strong and if possible, enable multi-factor authentication (MFA).
Multi-factor authentication is key because even if an attacker steals your credentials, they likely will not be able to login to your account.
When possible, enable automatic software updates on your devices—especially the device you intend to make online purchases with.
Only Shop Through Trusted Sources
If a deal is too good to be true, it probably is.
Hackers and cybercriminals are known to make convincing-looking websites that appear legitimate, and may even have encrypted SSL enabled on the website, but are really “digital fronts” for collecting buyer personally identifiable information (PII) and credit card information.
If you’ve never heard of the online website or store before, don’t buy from there no matter how tempting the price is. When possible, try to Google the online retailer website and look for credible reviews or references to the business.
If you can’t find anything, avoid the online retailer. A few bucks you think you’ll save isn’t worth having your identity or credit card information stolen.
Finally, it’s not a bad idea to Google search the listed phone number or address of the business. I’ve personally seen a phone number that claimed it was a car dealer in South Carolina actually be a doctor’s office in New York.
There has been a huge influx of scam emails in recent months claiming to be from Dicks Sporting Goods, Kohls, and CVS that seem to evade even the best anti-spam detection filters. They may appear legitimate, but are not, and again will be used to harvest your credentials or credit card information.
These malicious emails can be used to also deploy malware to your personal devices, so even if you don’t enter any personal information, it may still infect your device.
Use Safe Methods for Purchasing
If you can, don’t use a debit card for any online purchases. Credit cards have many inherent buyer protection services and legal coverage against fraudulent charges, whereas a debit card does not.
A debit card will also immediately withdraw money from your bank account, and unauthorized or fraudulent charges could suddenly leave you without enough funds to pay your legitimate bills.
Get in the habit if you aren’t already of routinely checking credit card charges—especially throughout the holiday season—for any suspicious transactions.
If you’re using an online payment service such as PayPal, link a credit card to the account for online transactions—don’t use a bank account.
Finally, if you receive a suspicious email that you suspect is a phishing scam, you can report it at us-cert.gov/report-phishing.
