The best time of the year is upon us - Don’t let online fraud ruin your fun! Millions of people have their wallets out, looking for a hot deal on their favorite holiday gift - An Alexa, a Macbook, or those designer shoes that never go on sale.
Fraudsters, anticipating the frenzy, are prepared to lure as many distracted shoppers as they can. Some have already set up shop, listed popular items at a steep discount, and are waiting for the next victim to hand them that credit card number.
In the past year, over 15 million cards were compromised online in the US alone. With the introduction of EMV-enabled cards (cards with the electronic chip), credit card fraud is slowly shifting from “card-present” to “card-not-present” crimes, such as online fraud. This type of fraud has increased by 14% this year.
Here are 5 key things to remember to help you stay safe from cybercrime this shopping season:
1. Know the merchant
Shopping from online stores that you recognize as trusted companies can drastically reduce the risk of fraud. Major stores, such as eBay or Amazon, allow third-party sellers to conveniently list their products, collect payments, and manage logistics. Plus, customers can enjoy a reliable experience and receive great customer service when needed. Some small businesses, however, may choose a different path and set up their own branded online store. A variety of reputable services, such as Shopify, are available to these vendors to provide a safer and more streamlined experience for their customers. But how can you tell if that too-good-to-be-true deal on the unknown online store is in fact, real? A quick search around the web can be very revealing. Look for reviews or scam reports. Note that ‘no online record’ is a bad sign! Here is a simple tool that I use when in doubt.
2. Use trusted payment providers such as Paypal, Visa Checkout, or Amazon Pay
Credit card fraud is becoming commonplace in the age of e-commerce. Even though most credit card issuers protect customers against fraudulent charges, customers still have to go through the hassle of replacing their cards and updating card numbers on various websites. Debit card holders are at greater risk since most debit fraud cases are not protected by the banks. When available, using secure and trusted online payment services, such as Paypal, can help reduce the risk quite significantly. Plus, not having to enter a credit card number every time you shop online is a huge convenience. These services securely store your various payment methods, verify the merchant, and protect you against potential fraud. Would you rather trust 100s of vendors with your credit card information, or trust a handful of secure payment processors to handle the transaction for you? You can make exceptions for websites that you trust and frequently visit, such as the airlines.
3. Something Phishy?
The majority of cybersecurity breaches - even at the enterprise level - happen through phishing attacks. A phishing attack is when a malicious website pretends to be the website you are looking for and convinces you to reveal information that wouldn’t otherwise. Imagine receiving an email from your bank asking you to log in to view an important message. Anxious to know what's happening, you click on the link. You are taken to a website that looks just like your bank’s - you proceed to enter your username and password, not realizing that the website is not your bank’s but a malicious actor’s imitation. You’ve been phished! The attacker can now use your login info to access your real account. The easiest way to prevent phishing attacks is to avoid clicking any suspicious links. Instead, simply type in the website address in your browser to make sure that you are visiting the real website. You can further prevent unauthorized access by enabling ‘two-factor authentication’ for important accounts. The most common way is to use your phone number as the second method of authentication. When visiting from an unknown location or device, the website will send a code to your phone and ask you to enter the number along with your password to confirm your identity.
4. Use password vaults
Let’s face it - very few people manage their passwords properly. Most people pick easy-to-remember passwords, reuse them over and over, and change them very infrequently. That is a HUGE problem. LinkedIn famously leaked the passwords of millions of users in 2012 as a result of a massive data breach. Instagram accidentally exposed some users’ passwords as recently as a few months ago. Having access to this data, all cybercriminals needed to do was to try the email address and password combinations on various other websites - hoping that users had reused those same passwords. Obviously, it worked in countless cases. The easiest way to improve your password strength is to use a secure password management service, such as KeePass, 1Password, or LastPass. These services (some have free options) can create, store, and manage your passwords for you. All you need to do is to create and remember one strong password that will give you access to your vault, where you keep all other passwords. Most password management solutions offer browser extensions, desktop, and mobile apps, allowing you conveniently and securely access your login info wherever you are. Now that you don’t ‘have to’ remember hundreds of passwords, you can allow your password manager to ‘generate’ secure passwords for every website you visit. “Se5&AH4r26hRuD2We~M08$” can finally be your password!
5. Use antivirus software
Good cybersecurity software can save you from various cyber attacks online. Even though modern smart devices such as TVs, smart speakers, or cameras are incapable of running additional software, you can still browse safely on your laptop using decent antivirus software. Most modern antivirus software comes with browser plugins that can block phishing websites and malware. However, using a whole-home cybersecurity solution can protect you, your family, and smart home (or business) against a wide range of malicious attacks all at once.
With these few simple tips, you can make sure that YOU are the one emptying that bank account this holiday season - Happy shopping!
- Araz Feyzi