Holidays are a prime time for cyber criminals, with increased online shopping, travel, and package delivery, targets are easy pickings. In addition, with the COVID-19 pandemic, more and more people are shopping online to stay safe during the holiday season.
Indeed, the online shopping numbers are record-breaking while in-store shopping has dropped off in 2020. According to the National Retail Federation, “Black Friday and Saturday saw tremendous growth in online activity. For the first time, the number of online Black Friday shoppers passed the 100 million mark, up 8 percent over last year. The number of online Saturday shoppers grew even more, up 17 percent compared with last year. Online-only shoppers increased by 44 percent for the entire weekend, for a total of 95.7 million. …”
But sadly, with the growth of online shopping, there is also a surge in scams and online fraud that impact online holiday shoppers. Phishing and ransomware have soared during the pandemic, as have cyberattacks via social media, “drive-by” websites (set up just to trick people into fraudulent transactions), vishing and much more.
Ways Cyber Criminals Attack, Especially During the Holidays
What attacks should you watch out for? The most prevalent attack is phishing, where you receive an email that either has malicious links or malicious attachments. When you click on a malicious link, you are most often taken to a malicious website that either looks legitimate and captures your sensitive information through a copycat form, or it downloads malware onto your PC.
Another attack to watch out for is when bad actors steal your logon credentials (user name and password) and access your account by pretending to be you. This is why it is important to not reuse passwords and to change passwords on a regular basis.
The use of public WiFi in coffee shops and airports can also give criminals access to your PC or network, so it is best to avoid the use of public WiFi when doing your Christmas shopping.
Finally, many unsuspecting consumers shop at insecure or fake websites that may appear to be legitimate, but are in fact imitations.
Outcomes of Cyberattacks
Once a criminal hacker gains access to your PC, system or network, what happens next?
One result could be ransomware place on your system. The top ransomware threats of 2020 include Maze, REvil, SNAKE (EKANS), Tycoon, TrickBot, and many more. Regardless of the type, if you get ransomware, your data will be encrypted and you will be asked to pay a ransom to get the key to unlock your data. Ransomware can be devastating, the best protection is to make regular backups , test them to ensure they work properly, and ideally store them where they can't be accessed by an attacker.
Other types of malware can install keyloggers that steal the information you type including your logon credentials, bring down your network, or disable PC functions while data is stolen.
Be aware that vishing (phishing by phone) and other common attacks do not need to use cutting-edge technology to steal your data. Many people will give information away on the phone when they are tricked into believing that the person calling is legitimate. Callers often pretend to be trusted companies like Microsoft, Google, banks, insurance companies and health care providers, or even the IRS. Smishing (phishing by text) is being increasingly used by scammers, where users are more likely to click on malicious links. A common holiday smishing scam is to send a message with a tracking code for a package delivery, the message appears to sent by a respected shipping service, like FedEx or UPS.
Tips for Holiday Shoppers to Stay Cyber Safe
So what can you do to address these online challenges? Here are some tips to consider as you search cyberspace for holiday bargains and do your last-minute shopping.
- Don't be in a hurry. Leave yourself time to do your shopping. Cyber mistakes often occur when rushed. Follow the Stop. Think. Connect. mantra.
- Do your homework - before you shop. Determine in advance where you are going to visit online, and don’t be fooled into visiting unknown websites, especially ones that have bargains that are too good to be true. Watch-out for tempting links and tricks to get you to click such as free offers.
- Be on alert for phishing scams. Always look for phishing attacks by email, voice, text, look-alike ads and social media, but especially during the holidays. With email, text, and social media, don't click on links or open attachments that are unexpected. Instead, go directly to the website. Never give out personal information in response to a phone call, email, or text.
- Always use HTTPS. Check for the lock in the URL address bar of your browser. Make sure that your sensitive information, like credit cards and other personal data, are only sent via encrypted connections.
- Keep application software, operating systems, and A/V updated. Many users fail to apply the latest security patches and/or update antivirus software, leaving their computers, tablets and smartphones vulnerable. Updates are vital to ensure adequate online protection. Set your system and devices to automatically make updates when possible.
- Watch for fraudulent gift cards. Cybercriminals use social media as an easy way to steal from unsuspecting victims by offering free money or even doing online Secret Santa gift exchanges. They also use social media to spread malware to millions of people. Don't be lured into falling for free money or gifts. Avoid clicking on links, especially shortened URLs.
- Don't use free public WiFi. Shoppers often hop on the nearest free public WiFi network to make a purchase, including transmitting their sensitive information. Using these networks can open you to dangerous situations where others on the network can see and steal your information.
- Protect your credit card information. Enter and store your credit card information, and other sensitive payment data, only on websites/applications that are known and trusted. Even though it is convenient to store information, consider not saving this on website accounts for future transactions as it is also easy for a hacker to steal.
- Practice good password hygiene. Don’t reuse passwords. Choose strong passwords and use two-factor authentication when available. Most banks and many websites and online stores (like Amazon.com) offer free two-factor logon, so take advantage of this security feature.
- Use a credit card, not a debit card. Credit cards generally offer better protection if your account information is stolen, and stolen debit cards can be more easily used by bad actors.
- Check your credit card and debit card statements closely. Ensure that you go through those statements monthly for all of your accounts to double-check that you are not being charged for items you did not purchase. Usually you only have a limited amount of time to report suspected fraud.
Closing Thoughts
The Security Mentor Security Awareness Training Blog offers cyber security tips that you can use throughout the year to establish good online habits and build a culture of security at work and at home. You can also visit sites like the FBI Scams and Safety website to examine the latest scams being detected by law enforcement.
The holidays are joyous times, don't let a cybercriminal ruin them. Give your family and friends the gift of helping them learn to be cyber safe by passing along these holiday cyber-security tips. You can even print them and send them in your holiday card.