As we enter the holiday shopping season, the risk of online fraud increases dramatically. According to the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency, U.S. retail e-commerce spending for this holiday shopping season is forecasted to top $135 billion. Online criminals will utilize this busy time to prey even more upon consumers who are unsuspecting or unprepared. The following information and best practices can help you have a more secure shopping experience during the holiday season and beyond.
Software and Antivirus Updates
No matter what the device you shop from, Operating System updates and antivirus definitions should be installed as soon as they are available.
Passwords to online shopping sites and other accounts should be changed regularly and different passwords should be used on each account. If offered by the site, take advantage of multi-factor authentication for an added layer of security. Passwords on home networking equipment, such as Wi-Fi routers, should be changed from the default password they are configured with from the factory.
Credit cards should be used instead of debit cards. Credit cards have better protections for the consumer if fraud occurs. Debit cards have no limit to the amount of loss the consumer can suffer. Verify online transactions by checking your credit card and banking statements routinely.
Using Public Wi-Fi
Online shipping or banking should NOT be conducted over publicly available Wi-Fi networks. While the network in a restaurant, coffee shop, or store may require a password, there is no guarantee as to how secure the network is or who may be monitoring and intercepting your online transactions.
Beware of Phishing E-Mails and Social Engineering
This is the time of year in-boxes are flooded with offers of all sorts, which increase the possibility of encountering fraudulent websites and e-mails. Avoid opening attachments and clicking on links within e-mails from senders you do not recognize. Often, these attachments or links can contain malicious content that can infect your device or computer with ransomware or steal your personal information. Type the hyperlink for the website manually into your browser rather than clicking on the URL in the message. Also, be wary of e-mails or calls requesting that you verify your account by providing information such as your login, password, account number, etc. Legitimate businesses will never call you or e-mail you directly for this information. Utilize the customer service numbers on your credit cards, debit cards, bank statements or the merchant’s website to verify any information requests. Lastly, remember that, if the offer sounds too good to be true, then it probably is.
Whom You Conduct Business With
Extra consideration should be given to merchants and businesses you provide your personal and payment information to online. Reputable and established online businesses utilize encryption to protect your information as it is transmitted to and from your computer or device but this might not be the case for “unknown” online merchants. Also, to lessen the risk of visiting fraudulent or “spoofed” websites, consider how you get there. Certificate errors can be a warning sign that something is not right with the website. When shopping from your smartphone, only use apps from trusted businesses and downloaded directly from the device’s designated app store.
Content provided by the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency (CISA) and edited by Mark Owens, Director of Information Security, Prime Care Technologies