This is part one of our holiday shopping security series
It's the time of year when people start making both online and in-store purchases for their loved ones. When holiday deals appear, most people enjoy indulging the spirit of giving. Unfortunately, many identity thieves and cybercriminals don't feel the same spirit and often target holiday shoppers.
According to a recent poll conducted by Branded Research, 7 out 10 U.S. consumers said that identity theft protection and cybersecurity are important to them when they do online holiday shopping.
Director of Insights at Branded Research, Kristen Miles, explained that "women are slightly more likely than men to say that identity theft protection and cybersecurity are very important to them when online holiday shopping. And older consumers over the age of 45 are more likely than consumers under the age of 44 to say that identity theft protection and cybersecurity are important to them when online holiday shopping."
The real tragedy is that there are still many holiday shoppers who fail to take the precautions to keep their identities safe, which, unfortunately, makes them easy targets. You may be pleased with how much you save on holiday gifts, but you may not even realize just how much you've sacrificed when it comes to personal security.
As our gift to you, we asked identity theft and cybersecurity experts to provide security tips and advice for online holiday shoppers this season.
Dr. William Rials, Associate Director and Professor of Applied Computing and Technology at Tulane University School of Professional Advancement
"Do not use public computers or public wireless internet access for your online shopping. Public computers and public wireless networks are not safe. They may contain malware and viruses. Do not conduct any financial transactions from public computers.
Do not click on any pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey or even offering a great deal, these could be social engineering attempts designed to convince you to open malware or click on a malicious link. Often, it is challenging to close these windows with your mouse because criminals will disguise the close button 'X' to appear normal, but it is actually a malicious link containing malware software code with nefarious intent. Close these windows by pressing Control + F4 on a Windows computer and Command + W on a Mac.
Avoid using auto-save options to store your personal information for future purchases. When shopping online, you may be given the opportunity to save your personal information online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.
Use strong passwords; always use more than ten total characters consisting of upper case letters, lower case letters, numbers, and special characters to create a strong password. Establish a strong password for each online shopping account. Avoid the temptation of using the same password at every online store. It may be convenient, but your online safety vastly increases when you use a separate and unique password for each account. If one online store experiences a cybersecurity breach in which your password is compromised, using the same password between accounts from different online stores makes it quick and easy for criminals to exploit you and your information. If you have trouble keeping up or remembering all the different passwords, it is a good practice to use a password manager such as LastPass, Dashlane, KeePass, 1Password, KeePass, EnPass, or others.
Secure your computer and mobile devices. Practice good cyber hygiene before you attempt to shop online or in-store. Many traditional on ground retailers are offering mobile application to enhance the in-store shopping experience as well as online. Be sure to keep the operating system, software, and apps updated and patched on all of your computers and mobile devices that you use with retailers. Use up-to-date antivirus protection and make sure it is receiving updates. Using an unpatched computer to shop online is an easy way for cyber criminals to exploit your information.
Pay online with one credit card. Your safety is increased when you shop online and in-store by using a credit card rather than a debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was stolen or misused. By using one credit card, with a lower balance, for all your holiday shopping you also limit the potential for financial fraud to affect all of your accounts."
"Online holiday shoppers have to be more careful than ever to protect themselves from cyber attacks. Shoppers must be wary of unusual requests for payment when shopping during the holidays. Black Friday and Cyber Monday scams often try to lure shoppers to look-alike retail websites and then trick them into entering private information or downloading malware onto their computer. These scams try to instill a sense of urgency and rush shoppers into a decision. Instead of rushing to click 'buy', stop and assess the website to make sure it's legitimate and not a look-alike. If it seems too good to be true, it probably is."
Steve Weisman, Scam, Identity Theft Expert, and Owner of Scamicide.com
"When shopping online you should make sure that you are actually on the website of a legitimate store. It is best to use the websites of retailers with which you are familiar to avoid falling for a scam in which a phony non-existent store is not actually selling anything, but merely taking your credit card number.
Always be a bit skeptical when the price for an in-demand gift is being offered for a ridiculously low price. It is a truism that if it seems too good to be true, it usually is. However, even if you believe you are shopping at a legitimate online retailer, you may be shopping at a website merely designed to look like the real website.
You even may wish to use the service of www.whois.com
for domain lookups by which you can find out if the website you are using is actually the legitimate business website by finding out who owns the website. For instance, if you think you are on the website of Wal-Mart and the domain name is owned by a company in Nigeria, you can be pretty sure that it is a scam. Don't trust a website to be legitimate merely because it turns up high in a search engine search. Sophisticated scammers are adept at manipulating the algorithms used by search engines to rank websites to place their phony websites high in a search engine search."
Victor Congionti, CEO of Proven Data
"When people shop online, they should always be on the lookout for fraudulent websites that are designed to imitate a major retailer website. These counterfeit websites are created by bad actors and hackers to trick people into 'shopping' on their website. Digital thieves then use your login credentials or credit card information to make other purchases or compromise your identity further.
For online shopping, always check the URL on the website page to ensure it is secure and has an official security tag (HTTPS). This is a signal that the website uses high-grade encryption and will keep your financial information safe from being intercepted by a hacker. Check the details on the website (proper images, logos, text) and if something doesn’t feel right, it probably isn’t safe to proceed."
"Ideally one should avoid using your actual credit card number when making purchases online and also avoid using your actual home address. But can this be accomplished? Bank of America has a service called ShopSafe whereby you can generate a new one-time-use credit card number for a specific dollar amount and for a specific expiration date for each online purchase. This means that if someone should hack into a merchant who might be storing your credit card information they will only obtain an unusable number. In addition, if you have a post office box, then you can use that address as your billing address instead of your home address (and still have any packages delivered to your home address).
Be cautious about what you share online. That is, you should not advertise when you are taking a new job, traveling extensively, and so forth. This may leave you vulnerable to physical theft at your home and information about your family may provide information to identity thieves that will allow them to more easily create a false identity.
Shop only using a secure network. That is, do not shop using a public Wi-Fi network. If you should provide sensitive information (driver’s license number, Social Security number, credit card numbers) it could be intercepted and stolen."
Jonathan Gossels, President of SystemExperts™ Corporation
"Consolidate all of your online purchases onto a single credit card; when you get your monthly statement it will be much easier to recognize any fraudulent charges.
Don’t download any software programs from a shopping site — modern browsers have all the software you will need for routine cyber-shopping. If a site asks you to download software, leave the site and close your browser because the site is most likely trying to trick you into downloading malware onto your system.
Don’t enter your credit card number or any personal information into any web page that doesn’t show the encryption lock or https://: at the beginning of the URL (website address). That https tells your browser to send your content across the internet in an encrypted form so your credit card and other sensitive information can’t be read or intercepted in transit. The encryption lock icon is the symbol for HTTPS encryption."
"The number one thing people should avoid while shopping online is, paying by credit card. While this may sound like an impossible task, many popular online stores allow you to pay via Paypal or Apple Pay, both of which are great alternatives to entering your credit card information. And with all the data breaches that have happened over the past few years, you can never be too safe with your sensitive information."