As the Holiday Season presents itself once again, consumers take to smartphones, tablets, and laptops to research and buy gifts for family, friends, and loved ones. Online shopping proves to be a convenient alternative for consumers in our hurried societies; however, ecommerce also presents increased risk of financial fraud and identity theft.

AdobeStock_283794122_Editorial_Use_Only

Online Spending on Thanksgiving Day, Black Friday, and Cyber Monday

According to the U.S. Census Bureau of the Department of Commerce, ecommerce sales will account for more than 10% of all retail sales in 2019. This percentage is only expected to increase in the coming years. Last year, shoppers spent $7.9B on Cyber Monday, a nearly 20% increase from the year prior. This followed 2018 Black Friday’s record $6.2B e-commerce sales and $3.7B of e-commerce sales on Thanksgiving Day. With some quick math, consumers spent nearly $18B online in three calendar days. This level of online shopping activity creates prime opportunities for cyber criminals to rake in the funds.

Protecting Yourself While Shopping Online

Pay with a Credit Card, Not a Debit Card

Credit Cards, by law, are required to limit a user’s liability for fraudulent charges. If you incur fraudulent credit charges, you are not required to pay anything while the credit card company investigates and most offer $0 liability for fraudulent charges. Debit cards, however, may not have the same level of protection. The fraudulent charges will also draw directly from your bank account and could leave you with insufficient funds.

Do Not Store Credit Card Information Online

Storing credit card information may be convenient, but it is also risky. If your online shopping account is compromised, cyber criminals may be able to make purchases with your saved credit card information. We’re all about making it *harder* for hackers, not easier. We suggest taking the extra minute or two to manually enter your credit card information.

Beware of “Too Good to be True” Sales

Holiday sales on days like Thanksgiving Day, Black Friday, and Cyber Monday have become a part of American culture. Cyber criminals take advantage of consumers, especially during the Holidays, by promoting “too good to be true” sales. If the sale looks “too good to be true” then it likely is – be sure to compare items and prices with similar vendors.

Avoid Using Public Wi-Fi

Public Wi-Fi is a cyber criminal’s best friend, and your worst enemy. It takes little technical skill for a cyber criminal to intercept your web traffic on a public Wi-Fi network including your passwords, email addresses, and browsing history. Because you are often required to share personal information when shopping online, you risk a cyber criminal compromising your credentials, credit card information, and more by shopping online via public Wi-Fi.

Consider Using a VPN

Virtual private networks (VPN) are a great way to add a layer of encryption to your web traffic and make it virtually impossible for cyber criminals trolling public Wi-Fi connections to intercept your traffic. If you must use public Wi-Fi networks for your online shopping, we suggest using a VPN to protect your confidential person and financial information.

Use Strong Passwords

Good password hygiene is at the top of the list when it comes to cybersecurity best practices. However, weak or stolen passwords are the cause of many of today’s breaches and security incidents. Ensure your passwords are complex – utilizing a combination of lowercase and uppercase letters, as well as numbers and symbols - and vary for each account. We suggest utilizing a password manager to generate and store your passwords.

Ensure the Webpage is Secure

Most web browsers have indicators that enable visitors to quickly identify if the website is securely transferring information. The CISA notes that websites that have URLs that begin with “https:” instead of “http:” and feature a padlock icon (see below) encrypt information. The padlock icon varies in location for each browser – find out where the icon is located on your browser and look for it before making purchases online.

Shop with Retailers that are Trusted and Verified

Some sites are backed by cyber criminals with the sole intent of collecting personal and financial information from victims. To avoid malicious sites, we suggest only making online purchases from retailers that you trust and are verified.

Consider Using Digital Wallet for Increased Security

While some are leery of digital wallets like Apple Pay and Google Pay, digital wallets or other apps (like Venmo) can actually enhance the security of your online transactions. Rather than displaying your credit card information, digital wallets populate a one-time code for each transaction.

Check Privacy Policies

The CISA recommends checking a website’s privacy policy before providing personal or financial information. Understanding how your information will be stored and used will help you make decisions about which retailers you prefer to shop with online, and which you would prefer to shop with in store.

Be Cautious of Email Scams

As we’ve discussed above, the Holiday Season is full of retails sales and incomparable deals – which means your email box is likely flooded with promotions from your favorite retailers. Be cautious of emails that request personal information or account confirmation. The CISA notes that’s “legitimate businesses will not solicit this type of information through email”. As a rule of thumb, do not share your personal of financial information via email with anyone and avoid suspicious links. If you are prompted to visit a retailer’s website by clicking on a link, directly type in the address yourself to prevent malicious software (malware) being installed on your machine.

Check Your Statements

Simple, but important, advice – keep a paper trail and keep an eye on your accounts and statements. Check your credit card statements for fraudulent charges frequently after holiday shopping. Many credit card companies allow you to set up alerts when a charge is made to your account – setting up alerts will allow you to stay on top of your purchases and identifying fraudulent charges. If you do notice a fraudulent charge, report it immediately.

Sources

https://www.cnbc.com/2018/11/27/cyber-monday-sales-break-record-a-record-7point9-billion-spent-online.html; https://www.census.gov/retail/mrts/www/data/pdf/ec_current.pdf; https://www.lifelock.com/learn-internet-security-safe-holiday-online-shopping-tips.html; https://www.us-cert.gov/ncas/tips/ST07-001

COMMENTS

THIS POST WAS WRITTEN BY Kendall Blaylock

Kendall serves as the director of cyber intelligence for HORNE Cyber where his specialty is digital forensics and incident response.