5 Tips For Online Holiday Shopping
2020 has obviously been a strange and challenging year for everyone and as we wind down and prepare for the holidays, one more obvious change is upon us. In-person shopping is much different and in some cases, non-existent. This Thursday is Thanksgiving in the U.S. and the next day is Black Friday, the busiest shopping day of the year. But with COVID-19 precautions still in place, we likely will not see the hoards of people fighting for a great deal on clothing, a toy, or electronics. Instead, many shoppers will be turning Black Friday into an early Cyber-Monday as they shop online for holiday gifts. In fact, we have already seen a 75% increase in online shopping due to the pandemic and this weekend will likely see the most online sales in history.
Many people will happily replace the tradition of fighting over deals at the mall, with online shopping in their warmth of their house while sipping on a cup of coffee. However, there are still dangers that everyone should be aware of and we will share some tips to make your online shopping experience more secure.
Where to Shop - Shop with reputable companies and websites. Scammers are setting up fake websites to look like online retailers, so make sure you are on the correct website before entering in any information.
Secure Shopping - Be sure the sites where you shop are using https to encrypt your traffic before you enter in any information. To do this, verify that the padlock in the URL bar is closed and not open.
Phishing - You will likely get a LOT of email advertising Black Friday or Cyber Monday deals. While most of them are likely to be valid, scammers and criminals will be sending lots of phishing email to try and trick you into sharing personal or financial information. Do your best not to click on links in email, text messages or social media but if you have to click to get the deal, be very careful to check the URL and make sure it is authentic before you log in.
Passwords - Use strong, unique passwords for every account.
Password Manager - Let’s face it, we all have away too many online accounts to remember all of the passwords if they are long, strong, and unique. So, we all need to use a password manager. If you’re not using one, just try it out. It will make your online life a lot more secure and likely a lot easier.
Multi-factor Authentication (MFA) - Enabling MFA on your accounts means that in addition to your username and password, you will need something else to verify that you own your account. This is usually done by sending you a text message or using an authenticator app that gives you a code which you enter into the login screen of your account. By enabling MFA, criminals are unable to gain access to your account, even if they have your password.
Payment - Don’t use a Debit Card; they are not protected in the same way that credit cards are. You would hate to have your debit card compromised and have your entire bank account emptied by an attacker. Instead of paying with a debit card, try one of the following options.
Apple Pay or Google Pay are a secure alternative to using a debit or credit card. These services send a token to the retailer which verifies your payment so the retailer never has access to your credit card number. If the retailer becomes the victim of a data breach, your credit card won’t be compromised.
Payment services - Similar to Apple Pay and Google Pay, services like PayPal or Amazon Pay protect your credit or debit card number from being transmitted or stored on the retailer’s systems.
Virtual Credit Card - If you don’t have a credit card, consider linking your debit card or bank account to a virtual credit card service like privacy.com that will give you a new virtual credit card number for each vendor. Another nice feature of this service is that you can put spending limits on your virtual cards so criminals can’t steal more than your spending limit if they do get your card number.
Credit card - If none of the above options work for you, the credit card is a reasonably safe means of online payment. Just make sure you keep an eye on your statement every month, looking for purchases that you didn’t make. If you do find unauthorized purchases, contact your financial institution immediately.
If you believe you are a victim of a scam, report the incident to your local police, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI's Internet Crime Complaint Center (IC3) page.
Additional References:
Cybersecurity & Infrastructure Security Agency (CISA)
CISA’s Online Shopping Tips
CISA’s Holiday Online Shopping page
CISA Online Holiday Shopping Scams https://us-cert.cisa.gov/ncas/current-activity/2020/11/24/online-holiday-shopping-scams