Best practices for shopping safely this holiday season

Black Friday, Cyber Monday, and the holiday season have become prime targets for cybercriminals in recent years, as online retailers have turned them into a global phenomenon that is no longer a one-day-only event. As we approach this time of year, cybercriminals will be looking to take advantage of the millions of shoppers who take to the internet in search of the best deals.

This holiday season, more people than ever before will shop online in the interest of public safety due to COVID-19. Some of them will have little to no previous experience navigating online shopping and almost no internet security knowledge.

It is critical that shoppers understand how cybercriminals typically target their victims and what they can do to reduce the risk of having personal information stolen or of falling for scam websites that phish for online credentials and payment information.

Ultimately, cybercriminals want your money and will do everything they can to get it. If they can’t get your money, they will take the next best thing: your personal information, which they can sell. If that fails, they might resort to destructive methods, namely ransomware, which will encrypt your data.

Here are some simple tips retailers and shoppers should consider ahead of this holiday season:

1.)    Enhance Password Strength and Use HTTPS Sites

One of the best and simplest security measures an individual can implement is creating a strong password, or using a password manager that will create strong passwords for you. Most online retailers will not inform users how weak a password may be or when it should be changed. Therefore, users must take proactive responsibility for creating strong passwords. The same password should NEVER be used twice, and using passphrases can be the most effective approach. Users should also focus on using websites that have HTTPS in the URL, where data transferred between the web browser and the website is encrypted for enhanced protection. However, it is important to know that HTTPS only means the traffic is secure; it does not tell you who runs the site, and you want to be 100 percent sure that the website you are shopping at is a trusted vendor. Make sure to check that the URL is the official one. To keep passwords strong and unique, use a password manager so that you only need to create and update one very strong passphrase.

2.)    Provide Limited Personal Information

Many online retailers require customers to create an account before a purchase can be made. Where this is required, a user should only enter the basic information needed to activate the account. Providing excessive information, such as date of birth, identity document details and phone numbers, increases cybersecurity risk if cybercriminals obtain this information. If a user has already provided this information, it is important that it is hidden or removed from the profile.

3.)    Create Multiple Accounts and Avoid Use of Public Wi-Fi

Creating multiple accounts can limit the amount of risk a user’s information is exposed to. Setting up a few email accounts, each with a different purpose, is a good security practice (e.g. individual accounts for making purchases, subscribing to newsletters and using services that require an email address, such as public Wi-Fi). Use a password manager to maintain each of these accounts.

Users should also avoid using public Wi-Fi networks without a VPN when making online purchases, where possible. If you do need to use public Wi-Fi, be aware of suspicious ads, browse as a least-privilege user and always assume your data is being monitored. Best practice, however, is to use your cell network personal hotspot instead of public Wi-Fi when possible.

4.)    Be Cautious of Hyperlinks

It is critical that consumers remain highly vigilant when receiving any messages or emails that contain a hyperlink. Before clicking on any link, a user should ask themselves: do I know the person who is sending it, and do I trust this website? Many of these links will lead to malware or spyware designed to steal or access personal data. Before clicking, stop and think.
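The URL checks from tips 1 and 4, as an added example that is not part of the original article: it flags a link that is not HTTPS, that hides its real host behind an "@", that uses look-alike characters, or whose host is not the retailer's official one. The function name, the allowlist and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts the shopper has confirmed belong to the retailer.
OFFICIAL_HOSTS = frozenset({"shop.example.com", "www.shop.example.com"})


def check_link(url, official_hosts=OFFICIAL_HOSTS):
    """Return (trusted, reasons); trusted is True only when nothing is flagged."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, ["URL does not parse"]

    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS: data in transit is not encrypted")
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login data, not the site: the host comes after it.
        reasons.append("userinfo before '@' disguises the real host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalised host can imitate Latin letters")
    if host not in official_hosts:
        reasons.append(f"host {host!r} is not on the official list")
        if any(host.startswith(good + ".") for good in official_hosts):
            reasons.append("official name is only a prefix of another domain")
    return not reasons, reasons


# Constructed sample links, as they might appear in a promotional e-mail.
SAMPLES = [
    "https://shop.example.com/black-friday",
    "http://shop.example.com/black-friday",
    "https://shop.example.com.deals.test/login",
    "https://shop.example.com@deals.test/login",
    "https://shop.ex\u0430mple.com/login",  # Cyrillic 'а' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, why = check_link(link)
        print("OK   " if trusted else "STOP ", link, "; ".join(why))
```

Only the first sample passes; the third and fourth show why reading a familiar name somewhere in the address is not the same as checking the host.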

5.)    Credit Cards are Best

When making online purchases, shoppers should use a credit card or a secure payment method that has internet protection, as opposed to a debit card, which has significantly less protection. This should be done while also incorporating earlier tips like using trusted vendors’ HTTPS websites and avoiding public Wi-Fi.

Photo credit: pathdoc / Shutterstock

Joseph Carson is Chief Security Scientist and Advisory CISO at Thycotic. He has more than 25 years of experience in enterprise security and is an InfoSec Award winner and the author of Privileged Account Management for Dummies and Cybersecurity for Dummies. He is a CISSP and an active member of the cyber-community, speaking at conferences globally. He’s an advisor to several governments, as well as to the critical infrastructure, financial and maritime industries.