Don't Let Your Ho Ho Ho Turn into Bah Humbug
3 Tips for Safer Online Holiday Shopping
As we head into this holiday season full of family, joy and celebration, it is a good time to remember to be smart and cautious in the cyber world. This is especially important on Monday, December 1, better known as Cyber Monday in the US. Today, Cyber Monday is viewed as the kickoff to the online holiday shopping season, when shoppers flood websites to take advantage of retailers’ online promotions.
According to the National Retail Federation (NRF), more than 25 million Americans shopped with their mobile devices alone on Cyber Monday in 2013. And that does not include the ‘early birds’ that began their online shopping as early as Thanksgiving evening as retailers unveil their sales. Shop.org, a division of the NRF, projects 2014 online holiday sales to increase between 8-11% to as much as $105 billion during the months of November and December. They also project that the average shopper will do 44% of their holiday shopping online.
We are all human, we are busy and we are more inclined to click quickly during the holiday season to get that one very special bargain. Cyber criminals know this and they will go where the money is. So, as online holiday picks up speed over the Thanksgiving weekend, expect increased malicious activity such as phishing scams and malware campaigns especially on social media and mobile devices.
Here is some practical advice to help you keep an eye out for these holiday scams:
- If it’s too good to be true, it probably is. Your inbox will be filled with your share of holiday spam and phishing attempts that advertise iPhones, tablets and those really hard to get toys that are the perfect gift. The hype and limited availability of the new iPhone6 and iPad Air2 is a dream scenario for the cybercriminals. They will mention these must-have gifts in dangerous links, phony contests, and phishing emails with headlines such as “Free iPad Air”, “one day special”, or “ridiculously low price for a limited time only” to grab your attention. Their hope is that you will provide personal information or click on a dangerous link that could download malware onto your machine. The link may also take you to a phony eTailers where they will gather your credit card number and other personal details, obtain your money and you never receive the merchandise. To avoid being hacked, always enter the shop's URL in your browser, rather than following the links contained in an email.
- Stay vigilant when using social media. We all want to share that holiday spirit and what better way than on social media. Cybercriminals understand this and know that they can catch you off guard as you quickly tweet, post and “like”. It’s just as easy to use Facebook or Twitter (vs a website) to perpetuate scams during the holidays. Think twice before clicking or liking posts, accepting that raffle prize, or following the link to your “friend’s” page that shows you how to get the hottest holiday gifts. Also, be on the lookout for malicious mobile apps that can steal your information or send out premium rate text messages that very quickly run up your bill. Twitter ads and special discounts use blind, shortened links that could contain malware. Again, it is far safer to type the URL in the browser.
- Be wary of fake charities. This is one of the biggest scams of every holiday season as it is easily the most popular time of the year to make charitable donations. Cybercriminals count on your generosity and hope to get their share by sending phishing and/or spam emails advertising fake charities. Type the charity’s name into your web browser. Do not follow the link in the email and remember to check the Federal Trade Commission's Charity Checklist.
And, one more reminder, always use your credit card to shop, not your debit card. There are more security protections on your credit card and your maximum out of pocket loss is $50 if the card is used fraudulently. You do not have as much protection with your debit card. If breached, the cybercriminal can quickly empty your banking and possibly other accounts if they are linked. It could take you months or more to get that money back.
For further information on keeping the holidays safe, check out the excellent advice found at the U.S. Computer Emergency Readiness Team website.
About the Author
Thomas Dunbar is the Chief Information Risk Officer for XL Group Ltd. Mr. Dunbar is responsible for XL Group’s overall Information Risk Management program, including the company’s information risk and security strategies, tactics, planning, governance, architecture and operations. He is a member of the IT Leadership team, the Operations Risk Committee, and the Data Privacy Committee. He joined XL in 2002 as their first Global CISO.