The holiday season is upon us, and you are probably shopping the never-ending sales that have been available since Halloween, especially online. More and more holiday money is being spent online, and this presents hackers and cyber-thieves a unique opportunity to rake in the cash – almost $800 million last year, according to the FBI.
To help protect your money and information, the FBI and other cyber-security watchdogs are highlighting the risks to those who will shop online, and we are taking this opportunity to share our Twelve Tips of Holiday Season Safety.
12. Hark the Herald Angels Sing: “Advertising wondrous things!”
While bargain hunting is great, there are many bogus websites created at this time of year in order to offer amazing bargains on brand-name things. If you see a discount from an unfamiliar online retailer that sounds too good to be true, it probably is. Don’t be tempted.
11. Randolph the Red-Nosed Reindeer
Another favorite trick of cyber-thieves is to use closely matching URLs to catch people who may mistype the address in their web browser. You were aiming for LLBean.com, but somehow you ended up at LBean.com, and instead of getting your flannel PJs, you now have malware on your computer. So type carefully, and pay attention to the addresses of the sites you’re visiting.
10. We Three Kings … All Use the Same Password
If you create an account at a merchant site, avoid using a username and password combination that you have used elsewhere, even if it is one deemed strong by a site you trust. While your banking site may be secure, small vendor sites are often not, and so are often targeted by criminals. If you have used the same username and password combination for your banking site, you just made someone’s Christmas.
9. It’s Beginning to Look a Lot Like….
“Your UPS delivery is on its way. Click here to see shipping details.” Actually, if you click here, you might see your computer infected with malware. Emails you receive detailing shipments you don’t recognize are often attempt to infect your computer with malicious code. Don’t trust shipping details links. The legitimate vendor will always email you a tracking number with your shipment notice – copy and paste the number into the shipping company’s webtracking page.
8. It’s the Gift that Keeps on Taking
Gift cards are a great stocking stuffer, because what’s better than being able to choose what you want to buy for the Holidays? But if you want to give that gift, make sure that you only purchase cards directly from the company or from a well-known retailer. Offers and deals online that claim to give you extra value above what is legitimately on the card are often scams, or possible stolen cards with no value.
7. All I Want … is for My Package to be Received
When you order from a legitimate retailer, try to ensure that your delivery will be at a date and time when someone will be home to receive it. You may also be able to submit a direct request to the shipping company to pick it up at one of their facilities (USPS, UPS, FedEx, and DHL all have the ability to do this online). Incidents of mail theft have quadrupled over the last two years, because knowing the number of deliveries at this time of year, thieves will tour neighborhoods looking for Amazon boxes and other packages left on your doorstep. While you do your shopping online, thieves are doing it at your front door.
6. On the Sixth Day … My True Love Gave to Me…An eCard with a Virus
“Oh look someone sent you an eCard, and it needs to install a new version of FlashViewer.” Most of the time when your computer is compromised, it is because of something that you clicked. Social engineering plays on human desires and social bonds to exploit trust, and ecards are a favorite scam. If you receive holiday ecards or messages from people you do not know, or receive any unexpectedly from people you do know, treat them with suspicion.
5. Dreidel, Dreidel, Dreidel…Public Wifi Just Won’t Play
While a lot of online shopping happens from home, more people than ever will use their mobile devices to price check or even purchase items while out and about. Make sure that your device is not using public wifi when you do anything involving passwords or payment cards unless you are using extra security, such as the Virtual Private Network client for both iOS and Android that is available to all Northeastern faculty and staff. Also don’t let your device automatically connect to unknown wifi, because rogue wifi with familiar names are an easy way for hackers to obtain your information. In the end, to be extra secure if you do want to make a purchase on your mobile device, double check that you are on a known and trusted network, or use your data access.
4. Oh There’s Nobody Home for the Holidays.
Posting on social media that you are at grandma’s house for the holidays, or skiing in Aspen, can be fun to share. However, it also lets people know that your home is empty, and someone might decide to do a little late season shopping while you are gone. Be careful about how many people are aware of your travel plans. Do you really know and trust all the friends or followers that you have on social media?
3. Making a List and Checking it Twice is Sound Advice
Know what you buy and where – make a list of your purchases and check it against your credit card statements when they come, or online when the transactions post. Take the time to ensure that your card isn’t being misused and that you have been charged what you expected to be charged by merchants. The sooner you can detect malicious activity, the easier it is to remedy. It’s also good to make sure you have contact information on file with your credit card companies, so they can contact you if they detect anomalous activity.
2. Blessings Might Come Back to Bite Good King Wenceslas
The holidays are a time for giving, and also, unfortunately, for taking. The number of charity scams increases exponentially during this time of year. If and when you decide to make a charitable donation, check that your donation will be going to the cause you wish it to, and that the highest ratio of your dollar goes to the charity instead of expenses. Use www.charitynavigator.org as a
reputable resource to ensure that your donation finds a good home. And never respond to unsolicited phone calls or door-to-door charity requests from unknown people.
1. It’s a Marshmallow World…Don’t Get Toasted
Many credit card companies offer the ability to create a one-time-use card number through their websites. Use these numbers to protect yourself should your retailer experience a data breach where customer names and card numbers are stolen. Most credit companies do not hold card holders accountable for theft, but doing this reduces the headache you can face in cleaning up the mess. Also, despite what many say about incurring debt at the holidays, avoid using your debit cards – they have less loss protection than credit cards.
Have a Safe and Happy Holiday!