November 5, 2018
Ah, the holidays: a time for stockings, menorahs, cookies… and fraud?
If you’re not careful, then maybe. And, you certainly don’t want anybody stealing your hard-earned savings. Right?
While Juliana Gruenwald of the Federal Trade Commission (FTC) says this time of year “doesn’t necessarily pose a bigger threat,” she admits that the sheer volume of holiday shopping does “present more opportunities for scammers.” During the 2017 holiday shopping season, for example, ACI Worldwide reported one out of every 85 e-commerce transactions was a fraudulent attempt — an increase of 22% over the previous year.
What to do? To ensure this holiday season is full of cheer rather than chicanery, take these 10 steps today.
1. Update Your Passwords
The time to update your passwords is now – not when you’re in the throes of a Cyber Monday bargain frenzy.
“The most basic — and also most ignored — cybersecurity practice is maintaining strong passwords,” says Idan Udi Edry, CEO of Trustifi.
He urges you to create unique passwords for every site, and to update them every 30 to 90 days. Passwords should never include important names or dates, he says, but rather “a series of random numbers, upper and lowercase letters, and special characters.”
Although this sounds like a hassle, it’s super easy with a password manager like LastPass or 1Password. No more trying to come up with secure passwords you can remember (an oxymoron, if you ask me); LastPass does it for you for free.
2. Turn on 2-Step Verification
Take a few minutes and turn on 2-step verification for major accounts like Google, Facebook, and Apple. You can usually find this option under “security” or “settings.” Once you set it up, the site will require additional verification every time you attempt to sign in from an unfamiliar device.
Edry says a text or call to your phone is more secure than emailed codes or additional security questions. But anything is better than just a password, as he says that even one “additional verification step encourages cybercriminals to switch to an easier target.”
While you’re at it, update your computer and Internet browser, too. And before making any online purchases, make sure the site is secure by looking for “https://” at the beginning of the URL (the “s” stands for secure).
“Cybercriminals seek vulnerabilities in dated software to carry out their attacks,” adds Edry.
3. Use Your Bank’s Security Features
Although credit cards generally offer more consumer protections than debit cards, you can make debit cards safer by taking advantage of your bank’s security features.
The Chime banking app, for example, allows you to easily block debit card transactions. All you have to do is turn off “allow transactions” or “allow international transactions.” Some users actually keep it that way until they’re about to make a purchase. Since it’s just a quick toggle, it’s easy to switch when waiting in the checkout line.
4. Don’t Save Your Details
I know, I know: It’s a pain to type your card details into every site. But it’s better than getting hacked, right?
“Even if you’re using a site that you trust, keep your details secure,” says Jennifer McDermott, a consumer advocate for finder.com.
“It may be annoying to re-enter it every time you want to make a purchase, but it’s a small price to pay for additional security,” says McDermott.
Taking it a step further, you can also employ a virtual credit card number. These cards serve as proxies for your regular cards by using disposable account numbers. This means if a thief gets ahold of your virtual number, you won’t have to cancel your regular card. Ask your card issuer for more details on this service.
5. Avoid Clicking Links
An email or text arrives from your favorite department store, announcing that everything is 80% off — for today only. Is this an early Kwanzaa gift or what? Though most of us would be tempted to click that link, experts advise proceeding with caution.
“Links or attachments may be infected with malware designed to steal your data,” says Adam Levin, the founder of CyberScout and author of “Swiped.”
“Or they may direct you to a clone website that looks legitimate, where you’re prompted to enter personal information that’s sent to the fraudster,” says Levin.
Even if an email looks real, don’t click the links — and instead go directly to the retailer’s official website. If the deal is legitimate, it’ll be advertised there.
Robert Siciliano, CEO of Safr.Me, says you should also be wary of gift cards that arrive via email. If the card comes with a code that allows you to claim the gift, it might be real — but if it asks for your credit card information, it’s probably a scam. He says typos are a good indicator that there’s something fishy going on.
6. Send Encrypted Emails
Not only should you pay attention to what’s coming in over email; you should also pay attention to what’s going out.
“Consider the types of attachments commonly sent over email,” says Trustifi’s Edry.
“Legal records, driver’s licenses, W4 forms, real estate records, corporate financial records, credit card information, addresses, health records, social security numbers, etc. These sensitive pieces of data and information are exactly what hackers target.”
To keep yourself safe, Edry recommends sending encrypted emails, a service which his company offers. For more email encryption options, check out this article from Consumer Reports.
7. Don’t Shop Over Public Wifi
You’re at an airport or a coffee shop, and even though you know it’s not a good idea, you buy something over the public wifi. You need to get that holiday shopping done, after all!
While we’ve all done it, Edry says this is a big mistake. You should never access your bank account or use a credit card over a public network.
“Only complete those transactions when you’re on a safe network, like your house,” he says. “That includes using any passwords you’re worried a hacker might compromise.”
If you really need to complete a transaction, then use your phone’s hotspot instead of the public wifi. As Edry says: “It won’t be very fast, but it will be more secure.”
8. Watch Out for Job Scams
Whether you’re working at your local UPS or as a mall Santa, getting a holiday side gig is a fantastic way to afford gifts and holiday parties. According to Levin, however, it’s also an easy way to get swindled.
“Beware of work-at-home and mystery shopper ads, as these are usually scams,” says the Cyberscout CEO.
“The key to landing a real seasonal job is to start early, then research the company by going to their website or checking with the BBB. And never give out your Social Security number to unsolicited callers,” says Levin.
9. Use Coupons With Caution
I’m all about using coupon codes and shopping portals to maximize rewards when buying gifts online. But, as Safr.me’s Siciliano says: “If [a coupon is] too good to be true, then it’s too good to be true.”
He says that coupon sites that request personal information, or have typos, poor punctuation, or pop-up windows, should “send you running.”
However, this doesn’t mean avoiding all coupon sites. Personally, I love RetailMeNot and Honey.
10. Monitor Your Accounts
According to a finder.com survey, the majority of fraud victims (54%) didn’t find out their information had been compromised until a retailer declined their card. Not only is that embarrassing and inconvenient, it also means you’ve given a thief plenty of time to rack up charges.
“You can’t rely on your credit card issuer to notice fraudulent behaviour,” says McDermott, who works for the site.
“Make checking your statements a regular habit and ensure you can vouch for every transaction made, even if it’s small. Often thieves will make a small transaction first as a test, and then when it goes unnoticed, a larger one,” says McDermott.
If you notice any suspicious activity, report it immediately to your bank or card issuer. Though you’ll probably need to get a new card, it usually takes no more than a few days to arrive.
Sit Back — and Drink Some Cocoa
While securing your finances and personal information might seem like a lot of work, it’s important to take these steps so that you can minimize your chances of becoming a victim of fraud.
“The holiday season is the season of giving — and also a season for criminals looking to steal your cheer. Be proactive and remember that staying cyber-safe means having a fraud-free holiday!” says Levin of Cyberscout.