- Aquaculture, Equine & Livestock
- Architects & Engineers
- Aviation & Aerospace
- Consumer Goods & Services
- Education & Public Entities
- Entertainment & Leisure
- Financial Services
Ho! Ho! Ho! not Oh No No No!
November 27, 2017
With the holiday’s right around the corner, we’re approaching the busiest time of the year to shop online.
Every year new figures are released that show more and more people conduct their holiday shopping online. And why wouldn’t they? It’s easy, there are great deals; and you don’t run the risk of getting run over by a shopping cart on Black Friday! The National Retail Federation (NRF) estimates that online sales spike by 3.6 - 4% during the coming weeks leading up to Christmas.
While it’s certainly convenient to shop online from your computer or mobile device, it’s also important to be conscious of some of the pitfalls presented by cyber criminals. Make no mistake about it; this is their busy time of the year as well.
Cyber criminals have more methods and scams than ever to deceive online shoppers, but if you keep a few things in mind you can remain confident that your transactions are secure.
Here are some quick guidelines to follow so you can spend the holidays spreading cheer instead of shopping in fear:
Look for the lock. Anytime you make a purchase or provide confidential information online, ensure that you are doing so on a secure, encrypted website. Confirm that you see the S in https://amazon.com & the lock icon.
If it looks too good to be true, it is! While there are some great deals out there this time of year, proceed with caution before clicking on links that might be offering you something a little too good, like a free iPhone X or XBOX One.
Use caution before clicking on links and attachments. The most popular method to compromise a system is by spreading malware via attachments or embedded links in an email. Over the holidays a similar type of scam can also be orchestrated via e-holiday cards. One way to check the validity of a URL is to hover your mouse over the address and see if it matches the company name or senders email domain. If there is any doubt about validity delete the message. Remember, if you are not expecting it, delete it.
Branding and logos don’t confirm validity. Phishers know what they are doing. They are crafting messages to look as legitimate as possible. Just remember, anyone can download branding & logos from the internet and apply them to a phishing message to make it appear valid. Also, be on the lookout if you receive messages that don’t address you by name, “Dear Sir or Madam” or “Dear Valued Customer” for example.
Don’t believe the hype. Preying on human emotion is one of the main driving forces behind phishing attempts. Don’t fall prey to fear tactics or urgent requests. Take a moment and think it through; if it seems suspect, it likely is.
Scams are not limited to online transactions, be skeptical on the phone as well. The same way that you would question an email that doesn’t look legitimate, be on the lookout for phone calls that you aren’t expecting. Vishing (voice phishing) calls can often be made from a spoofed phone number, so they appear to be from someone in your area. Don’t give out personal information over the phone unless you are 100% certain who is on the other end. In fact, call them back before you provide ANY information.
Be wary of fake charities. This is one of the biggest scams of every holiday season as it is easily the most popular time of the year for charitable organizations. Cyber criminals count on your generosity and hope to get their share by sending phishing and/or spam emails advertising fake charities. Type the charity’s name into your web browser. Do not follow the link in the email and remember to check the Federal Trade Commission's Charity Checklist.
Be cautious what you post on social media. Apply the same logic on social media that you would on a questionable website, think before you accept a friend request or click to win a free raffle prize. As many of us will be travelling over the Holidays, refrain from posting pictures or details that you will be away from home for an extended period of time.
Last but not least, always use your credit card to shop; not your debit card. There are more security protections on your credit card and your maximum out of pocket loss is $50 if the card is used fraudulently. You do not have as much protection with your debit card. If breached, the cybercriminal can quickly empty your bank accounts. It could take you months or more to get that money back.
For further information on keeping the holidays safe, check out the excellent rel="noopener noreferrer" advice found at the US Computer Readiness Team website.
Have a safe holiday season.
- About The Author
- Dave Cameron
- CISSP,Head of Information Risk Management