The holiday season is a prime time for hackers, scammers, and online thieves. Due to the popularity of Black Friday and Cyber Monday, we all need to be aware of the potential dangers online shopping can bring and the ways we can protect ourselves.
While millions of Americans will be online looking for the best gifts and Cyber Monday deals, hackers will be looking to take advantage of unsuspecting shoppers by searching for weaknesses in their devices or internet connections or attempting to extract personal and financial information through fake websites or charities. The best defense against these threats is awareness. There are a few simple steps we all can take to be more secure before and after we shop.
Before making any online purchases, make sure the device you’re using to shop online is up to date. Next, take a look at your accounts and ask: does each one have a strong password? And even better, if multi-factor authentication is available, are you using it?
Check Your Devices
Multi-factor authentication (or two-factor authentication) uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multi-step verification process.
- Protect your devices by keeping the software up to date. These include items like mobile phones, computers, and tablets, but also appliances, electronics, and children’s toys.
- Once you’ve purchased an internet-connected device, change the default password and use different and complex passwords for each one. Consider using a password manager to help.
- Check the devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.
- Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.
Shop Through Trusted Sources
Think about how you're searching online. Are you searching from home or on public Wi-Fi? How are you finding the deals? Are you clicking on links in emails or going to trusted vendors? Are you clicking on ads on webpages?
You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something's probably not right.
- Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor.
- Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always verify the legitimacy before supplying any information. If you’ve never heard of it before, check twice before handing over your information.
- Don’t connect to unsecured public Wi-Fi, especially to do your banking or shopping.
- Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails, designed to look like they’re from retailers, that have malicious links or that ask you to enter your personal or financial information.
- Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.
- Never provide your password or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information.
- Make sure your information is being encrypted. Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted.
Use Safe Methods for Purchasing
If you're ready to make a purchase, what information are you handing over? Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be used and stored.
- You’ll likely make more purchases over the holiday season. Be sure to check your credit card and bank statements frequently for any fraudulent charges. If you find any, immediately notify your bank or financial institution and local law enforcement.
- Be wary of emails requesting personal information. Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email.
- If you receive a suspicious email that you think may be a phishing scam, you can report it at us-cert.gov/report-phishing.
How do attackers target online shoppers?
There are three common ways that attackers can take advantage of online shoppers:
- Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
- Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
- Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
How can you protect yourself?
- Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information.) Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the "issued to" information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
- Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
- Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. (See Avoiding Social Engineering and Phishing Attacks.) Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
- Check your shopping app settings – Look for apps that tell you what they do with your data and how they keep it secure. Keep in mind that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app.
- Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately. (See Preventing and Responding to Identity Theft.)
- Check privacy policies – Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used. (See Protecting Your Privacy.)
Bank Independent Resources
Learn how you can help protect your accounts and prevent transaction fraud on your Bank Independent debit card with the new Debit Card Management feature in Sync.
Debit Card Management is an all-in-one dashboard that lets debit card users set rules for how, when and how much the debit card can be used. Offered exclusively to Bank Independent debit card customers through Sync Online and Mobile banking, this feature-rich card management service allows you to:
- Lock your card
- Report a lost or stolen card
- Set alerts and protections
  - Spending limits – define transaction and monthly limits
  - Locations – block international transactions
  - Merchant types – choose from a variety of categories
  - Transaction types – control the types of transactions made
- Send alerts to your mobile device by text message, in-app or by email
- Block unwanted transactions
- Change your mind? Simply change your settings.