The holiday season is in full swing — and so is the season of cybercrime. Although brick-and-mortar shopping still outpaces online shopping, experts predict that 2019 will see continued growth in people turning to their computers, tablets and mobile phones to buy holiday gifts. And with that increase comes an additional increase in hackers and cyberthieves who want to steal your money, your identity and your personal information.
So how can you avoid falling victim to these holiday Grinches? By following a few simple security rules and learning what to look for, you can safely shop online and avoid having your season (and beyond) ruined by cybercrime.
The Biggest Threats: Phishing and Ransomware
Phishing emails, in which a criminal pretends to be a legitimate business or contact to get you to provide information, have been around for quite some time. But while you might expect a phishing attack to trick you into providing login information for an account, what you might not expect are these emails to contain ransomware.
Although in recent years, ransomware was largely aimed at businesses, attacks on individuals are on the rise. In fact, by some estimates, more than 90 percent of phishing emails received contain ransomware. When you open one of these messages and click on a link, it triggers the download and installation of the malware, which effectively locks your computer until you pay a “ransom,” at which point the hackers will (theoretically) restore access to your files and allow you to go on with your life.
Ransomware is more than simply annoying. While some people pay the ransom (which is often in the form of gift cards, wire transfers or cryptocurrency) simply so they can move on, doing so doesn’t mean that you will regain access to your files — or that the hackers haven’t corrupted them or stolen additional information while they locked down the machine. Security experts and law enforcement agents recommend that you never pay the ransom but rather turn to ransomware removal software or services to remove the malware. Better yet, by following some best practices, you can avoid infection altogether.
5 Top Tips to Avoid Holiday Shopping Dangers
Before you begin your online shopping frenzy, take a few moments to consider how you will remain safe, and make some changes to protect yourself and your devices.
- Make sure everything is up-to-date. Now is the time to make sure that you are running the most recent versions of your operating system and antivirus software. Malware often exploits vulnerabilities in machines that haven’t been updated, so install all missing updates to close those loopholes.
- Confirm your Wi-Fi is secure. Is your home Wi-Fi network locked down? If your router isn’t password-protected, set one now, and make sure that any connected devices (including smart appliances) on the network are connected via a secure connection. Also remember: Do not conduct sensitive transactions on public Wi-Fi. This includes checking your bank balance, making purchases or logging in to your email or social media accounts. Thieves could be monitoring those networks and capturing your passwords. If you want to check things on the go, invest in a VPN (via an app) or use cellular data instead, which is slightly more secure.
- Watch for signs of phishing. While poor grammar, misspellings and a strange email address used to be dead giveaways of a phishing email, criminals have become more sophisticated and some fraudulent messages are less obvious. Remember to follow your gut, and if something looks odd and feels off, don’t click. While you might want to take advantage of “today only” deals and specials, resist the temptation to click on links and instead navigate directly to the website, just to be sure.
- Use credit cards or cash. When shopping online, only use credit cards — never your debit card. It only takes a few minutes for scammers to wipe out your bank account, and while you’ll most likely get all of your money back, it can take a while. Credit cards offer more protection and can often remove fraudulent purchases within a few minutes and cancel your card. Sign up for alerts on all of your cards, so you can monitor all purchases being made and catch anything odd right away. When shopping in person, consider paying with cash instead of debit cards. In the event there is a major breach, as the Target breach of several years ago, your card number is less likely to be compromised if you don’t often use it.
- Follow password best practices. Finally, protect yourself by using different passwords for different accounts, following the rules for strong passwords and changing your passwords every few months. You may want to consider establishing an email address just for holiday shopping, so if your information is exposed, you can protect your primary email from the onslaught of spam and attacks that will surely follow.
Online shopping for the holidays is convenient, and there’s no reason to stop doing it. You simply need to be vigilant and remain alert to the threats and take steps to protect your money and your information from hackers.