Common sense and a careful backup plan are just a couple of the ways to be prepared for online and traditional dangers during the season.
Even if you’ve barely drawn breath since Black Friday and Cyber Monday deals filled your inboxes, you’re not out of the shopping woods just yet.
The holidays are only days away; although the days never come soon enough for those under 10, the average adult is lamenting how quickly the need for even more shopping looms ominously above.
SEE: 10 ways to raise your users’ cybersecurity IQ (free PDF)
Pretty on the outside only
No matter how anxious or stressed you’re feeling, the first big bit of advice is a sensible one. Do not be swayed by the great marketing ads that populate your social media pages. The ads may look good, but never click and buy without doing your due diligence.
Beware of clicking on links delivered to your email
“During the holiday season, a phishing attempt may come via an email with a link to a fake website built to steal your personal information,” said Chris Duvall, senior director at The Chertoff Group.
“Exercise caution in refraining from clicking on such links and downloading files from unknown sources—also beware of emails or websites with typos and grammatical mistakes, which are common characteristics of phishing attempts,” he added.
Look up the name of the company proposing to sell you some coveted item and see what kind of feedback they’ve gotten from review pages.
Read the lowest (one) star first, so that you have an idea of what might be going on. Granted, it may seem, in general, like the first ones to complain and dole out a bad review are written by those for whom criticism is a daily thing. But if you continue to read, you’ll get a sense of mutuality.
For example, if you’re looking to get a shower radio, and the majority of the one—and two-star reviews state that the volume control knob comes off too easily, then that’s probably what’s wrong with it. The same can be said for ads touting great bargains. Be sure to read the fine print.
Assess website security
Duvall advised: “Look for the padlock symbol in the address bar, or a URL that begins with ‘https’ as opposed to ‘http,’ with the ‘s’ standing for ‘secure.’ Some browsers will even indicate whether it’s safe for you to give out your credit card information by showing you a green address bar, while unprotected ones will be red.”
Be skeptical of suspiciously low prices
“While big sales are a holiday trademark, if a price seems ‘too good to be true,’ then it probably is,” Duvall said. “Compare prices for the same items on other websites. If the price is drastically lower, then it is probably a scam designed to acquire your information.”
Deals can be dicey
The holidays are defined by gift-giving, whether for genuine sentiment or obligation, and you may be eager to jump on the deals.
Monique Becenti, product and channel specialist with the website security company Sitelock, says proceed with caution.
“With the great deals available, shoppers may be tempted to click on third-party links offering coupons or promotions,” Becenti said. “A shopping holiday means there is vast opportunity for cybercriminals to try to steal shopper information through spoofed sites, malicious coupon code links and phishy marketing campaigns.”
Be on the lookout for fake shopping apps
“Hundreds of fake retail apps designed to steal your credit card information are popping up in Apple’s App Store and Google Play,” Duvall warned. “Make sure to download the legitimate version of retail apps by downloading it directly from a store’s website, or by thoroughly checking user reviews if downloading from an app store.”
Prioritize shopping at trusted sites and do your research
Duvall said: “On the internet, some websites are created by people just wanting to steal your information. To avoid this pitfall, shop at retailers you are familiar with and have used before. If you want to purchase an item from an unfamiliar retailer, do some research first.
“Consider checking out the company’s social media following, customer reviews, its record at the Better Business Bureau, and even contact the business directly. When buying from online marketplaces like eBay, thoroughly review the seller’s reputation, assess the item description carefully, read comments, and even ask the seller direct questions before buying.”
Never use that ‘other’ card
While you may have the best intentions, such as avoiding using your credit card too much, don’t use your debit card, either.
Yes, when you want to return an item to a company like Target or Old Navy or Nordstrom, having a card number, credit or debit, in their “system,” makes it much easier when you don’t have a receipt, as they can look you up through your card.
That’s a convenience for those who lose their receipts easily and pay in cash, but it’s a convenience you could and should do without.
With debit cards, while regulated by the Electronic Fund Transfer Act, it’s easier for fraudsters to hack your account. You also are subject to more liability. If you report an issue with your debit card within two business days, your liability is only $50, but after two days, leaps to $500. Credit card liability is limited to $50.
And, if a bartender or hotelier wants to ensure you have the funds to pay them, your debit coin may be on hold, whereas with credit cards, it is instantaneous. Debit cards are also not beneficial to travelers, you won’t get points or credits, and lastly, they won’t help you rack up rewards. Use your debit card for what it’s best and intended for: the ATM and cash withdrawals.
Handling a hacking
If you’re unlucky enough to be hacked, Becenti said, there are steps to take. “Affected consumers should start by changing usernames and passwords for any connected accounts. If you can implement two-factor authentication, do so.”
“For website owners keen on avoiding a similar fate, enacting security plugins that will monitor your site for suspicious activity, ensuring your website software is always up to date, and utilizing parameterized queries are all key steps to take to keep your data secure,” she added. “It’s also important for businesses to evaluate the cybersecurity practices of their partners.”
The key to being cybersafe is to not shop rashly, take time to not only ensure you’re getting the best deal, but to give yourself time to do even the most minimal of searching for the company online, never use your debit card, and on-ground, be sure your card has been returned to you by the cashiers.
Here are 7 tips
1. Don’t rush and don’t let “time-sensitive” sites bully you into buying things quickly. If you are on a site you don’t know and haven’t ordered successfully from, open another browser window and look the seller up. You can put the name of the seller and “review” and you are very likely going to get helpful feedback.
2. Be on the lookout for spoofed sites, malicious code links and too-good-to-be-true marketing campaigns.
3. If it’s available to you, opt for two-step verification. Use the cybersecurity available to you.
4. Don’t use a debit card for anything but the ATM.
5. If shopping at a store, make sure you get your card back, and put it back into the same place in your wallet right away.
6. If you suspect you’ve been hacked or lost your card, call the company as soon as you can. One way to ensure you have all the necessary numbers is to keep your CC information admins in your phone contacts, using a simple pneumonic or device you’ll easily figure out and you’ll have handy.
7. Some stores are open very late. The discount chain shop Ross is open throughout the holidays until midnight (or even later in some locations). That said, and if you have to actually set foot in a shop, be sure you go with someone. Don’t park far away from the store entrance (that’s where the security guards will be, too). And be aware of your surroundings. Don’t worry about hurting someone’s feelings if you get a weird vibe and don’t want to share an elevator. Wait for the next elevator car.