A CreditCards.com survey shows more than two out of three (71%) holiday shoppers plan to do most of their seasonal shopping online this year, up from just over half (51%) last year (2019). As more people choose the comfort of their own homes over waiting in lines at brick and mortar stores to do their gift purchasing, hackers and cyber criminals will be upping their game as we enter the holiday season. We've covered many of these topics before in our best practices series, so we did a round up below of all of these tips and more on how to keep yourself safe when shopping online during the holidays (and all year round).
Keep your operating systems up-to-date. Make sure operating system and software updates are enabled. Software companies frequently push out bug fixes and vulnerability patches. Always update your system or software when prompted sooner than later. Ensure antivirus software is loaded onto your PC and enabled to scan for viruses in real time, as well as a weekly scheduled full system scan. The best time to schedule a full scan is when the computer is left on but has no user interaction.
Use a credit card only for online purchases. This is recommended because most credit cards come with fraud protection, making it easier to dispute unauthorized purchases and getting a quicker refund. With a debit card, you may have to wait a longer period to get a refund, or frustratingly, even have your account frozen for a long period of time.
Pay attention to site URLs, and avoid clicking on unfamiliar or suspicious links. It's very easy for a legitimate business website to be spoofed. In a more recent phishing trend, hackers buy domains of commonly misspelled business sites in attempt to spoof legitimate businesses and financial institutions. This trend is known as typosquatting. These fake websites could be filled with malware, or be set up as a way to steal any personally identifying information, such as credit cards or passwords. Additionally, some hackers use phishing as a way to get you to their fake sites. For example, let's say that you receive an email that contains the hyperlink www.bedrocktech.com, but when you hover your mouse over the link, it shows a slightly different URL: www.bedr0cktech.com. Do not click the link, and delete the email immediately.
Check a website's connection to ensure it is secure. Look for the padlock symbol next to the website address. Alternatively, a secure website will start with HTTPS instead of HTTP. What's the difference? HTTPS is the encrypted and secure version of HTTP. The encryption prevents third-parties from intercepting information. You could also add the free browser extension HTTPS Everywhere for Chrome, Firefox, and Opera, which automatically encrypts all of the websites you visit. Unfortunately, Krebs on Security recently reported that half of all phishing sites now have the padlock symbol. We recommend reviewing our previous tip on checking the spelling of the site URL you are visiting.
Create lengthy and complex passwords. As you sign up for new accounts, create completely unique and lengthy passwords for each account. Do not reuse passwords. Use a password manager like LastPass to generate and save passwords if you are concerned about forgetting them.
Enable two factor authentication. If you’re not using two-factor authentication where it’s provided, it’s time to change that now. When you enable this feature, anytime someone tries to sign in to your account, a code will be texted to your phone or sent to your e-mail. This adds an extra layer of security to your account.
Make it a habit to log out of your accounts when you're not using them. It's a best practice to log out of accounts and close browsers when you're finished in the event someone gains access to your computer or device. Better yet, perform a "spring cleaning" and delete or close any old accounts you not longer use.