8 WAYS TO STAY SAFE SHOPPING ONLINE
In the rush to get holiday shopping done, it’s too easy to take shortcuts that could put you at risk of cyber attack.
According to a recent CNET survey, one in four holiday shoppers has been a victim of an online hack in the past 12 months. To avoid joining their number, cybersecurity experts offer these tips to keep you, your credit cards and bank accounts safe.
1. DON’T USE SKETCHY WIRELESS NETWORKS
This is the easiest to fall for. You’re out and about, you pull out your phone and up pops a free Wi-Fi hotspot. It might even have a safe-sounding name: Westfield Mall Guest Network, or Holiday Happiness Free Wi-fi. Without thinking, you click and get connected. Hackers get the chance to infect your phone with malware or siphon off your passwords and account information.
There are a couple of issues there. Sometimes the network is a fake one, what security professionals call a honeypot, meant to lure in the unsuspecting so their information can be stolen. To guard against these, look around for signs at the mall, store or airport that include the Wi-Fi network name, and make sure you’re using that. Don’t just assume that any network that pops up is legitimate. Hackers routinely create them and wait for the unwary to connect. Ask an employee if you’re not sure. When in doubt, don’t connect.
Even if you are on a legitimate network, remember that public Wi-Fi isn’t secure. It’s all too easy for someone to monitor the traffic whizzing through the air and potentially steal login and password information that you yourself type in or that your phone automatically fills in through preexisting cookies. “Consider waiting to enter your credit card information when you get home,” suggests James Lyne, global head of security research for Sophos, a security firm.
2. WHO REALLY SENT YOU THAT ONLINE HOLIDAY CARD?
Electronic holiday cards are increasingly popular, but be careful about clicking on the links that show up in your mailbox. While we’ve become cautious of subject lines like “HELP! Stuck in the Philippines” or “Urgent: Must move funds from Romania,” something that says “Merry Christmas from the Andersons” might slip through our defenses. Do you actually know any Andersons? And didn’t you already get a paper card from them last week?
3. USE DIFFERENT PASSWORDS FOR EACH ACCOUNT
Yes, broken record time here. But criminal hackers really do keep searchable lists of all the account IDs, email addresses and passwords they’ve stolen. They can even rent those lists for pennies for a thousand names. So when they break into one account, they add it to the database. Then they try that same email address and password against a list of hundreds of other stores and banks. Think of it as the Lord of the Rings maxim: One password to rule them all makes for bad security. If you can’t remember all those passwords, consider using a password management program, suggests EY Cybersecurity Services.
4. WATCH FOR TYPO SQUATTERS We’re all busy and trying to do a million things at once. Which is why you should always take a second to look at the URL you just typed into your browser and make sure you are where you think you are. Cyber criminals know we make mistakes when we type, and they’ve registered a lot of typo-ridden addresses that are just a hair away from the one you meant to type. It could be something as simple as Gooogle.com (though Google long ago got most possible variations on its name, so this one’s safe) or say AuntS-alliesTeaShop when the actual Aunt Sally spells hers with a Y, not IE. Criminals can almost perfectly copy the site they’re aping, so you think you’re where you want to be. Double check.
5. CHANGE YOUR COFFEE POT’S PASSWORD
Connectable devices will be a hot item this holiday season, whether they’re coffee pots you can turn on with an app on your phone, a drone or a smart light bulb system. But they’re also eminently hackable, and most come with laughably easy preset passwords that take hackers only a few seconds to get past. When you’re setting up your new gadgets, take the extra five minutes to reset the password they came with so your device doesn’t run the risk of becoming part of someone else’s zombie botnet.
6. DON’T HAND OVER YOUR CREDIT CARD NUMBER
It’s tempting to let a website keep your credit card number and information on file. But if that site gets breached and it hasn’t done a good job of protecting yours and everyone else’s credit card information, it could mean trouble.
7. READ THROUGH YOUR CREDIT CARD BILLS
If you see a charge you don’t recognize, call immediately to check it out. Too often hackers presume people won’t notice the $40 here or $20 there on their cards and thereby miss fraudulent charges. Get them reversed quickly so you don’t have to pay.
8. TAKE CARE ON PACKAGE DELIVERY NOTICES
Phishing emails that try to get you to click on a link that can install malicious software on your computer are a perennial problem. This year Intel Security says it has seen an uptick in fake delivery notices.
These look like the common email notices sent out when something you’ve ordered online has been shipped. They might say, “Click here for expected delivery date,” except they aren’t from an actual store but instead from hackers. If it seems fishy, don’t click on the link but instead go to the website of the store the delivery notice purports to be from.
“During the holiday season we tend to be rushed, and we tend to click on things that we maybe shouldn’t.” Gary Davis, Intel Security chief consumer security evangelist