The holidays are just around the corner and a time when many turn to their computer or phone to help cross off the items on their list. Online shopping has become a tool that makes purchasing items simple and easy. So easy, that it’s allowed consumers to become ‘lazy’ with their private information. Do you have your credit card saved on certain sites? Does your card information pop up with an auto-fill option? If you’ve answered yes to either of these questions, then you could be at risk. According to the Better Business Bureau, online purchase scams expose your identity and financial information, which is the riskiest form of consumer fraud. Here are some basic tips to help protect yourself this holiday season.
Multi-factor Authentication
Authentication is how you prove you are who you say you are when logging in, for example with a password. However, if someone other than you knows your password, they can gain unauthorized access to your account. Multi-factor Authentication is exactly how it sounds – providing multiple methods of authentication for a more secure login. Oftentimes it involves the consumer logging in with an email and password, then entering a code that is sent to their phone or email into the site to be authenticated. Other forms may include a fingerprint or PIN that you’ve set up beforehand. Oftentimes, MFA is required only when logging in with a new device or browser for the first time. It is highly recommended to enable MFA wherever possible.
Password 101
When choosing a password, it’s crucial to make it unique for each account you are logging in to, such as work accounts and social media sites like LinkedIn. While it’s tempting to use words, names and numbers that are familiar to you, it’s important to remember that accounts protected this way are the easiest to crack – putting you at risk of identity theft.
- Try a passphrase, which is a string of words that are abbreviated, have letters substituted for numbers, or are held together by dashes.
- Aim to have your password at least 16 characters long.
- Struggling to be creative? Replace letters with numbers or symbols, such as S, $, and 8.
- Capitalize various letters throughout.
- When in doubt, try a password generator.
- A secure password manager can greatly assist with maintaining different passwords for different accounts.
Be Aware of the Most Common Scams
Phishing
Phishing is when someone sends an email or message pretending to be a reputable company in order to gain access to and steal private personal information. Be cautious of texts or emails urging you to click to claim a good deal or prize. This is also common on social media. Once you click on the attached phishing link, your information or sensitive credentials can be stolen. To help with this, avoid direct purchases on social platforms and never click links or attachments from unknown sources.
Malware
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Malware attacks are some of the most common cyber attacks when it comes to workplace security. Malware comes in many forms, such as:
- Worms
- Trojans
- Ransomware
- Spyware
To help prevent malware attacks, follow these best practices:
- Install updates for your computer or apps, especially when prompted to fix any security vulnerabilities.
- Be cautious of what you download on the internet and only download from trusted sources.
- Beware of email attachments and only open files from sources that you trust.
- Ensure an anti-virus software is installed on your computer and is up to date.
Smishing
“Smishing” is a combination of “SMS” and “Phishing”. Smishing is when cyber criminals send a fraudulent text or SMS pretending to be a business. The purpose is to get you to click a link that may contain malware. To help protect yourself, ask yourself: would this organization text me? Avoid clicking links in these messages, and if in doubt, contact the company by phone to verify authenticity.
Social Engineering
Social engineering is the psychological manipulation of someone to gain control of their computer system or personal information. These types of scams (delivered by phone or email, or even in person!) are often fear-based, urgent requests, or opportunities that can’t be passed up, with the criminal hoping to capitalize on your emotions to get money or your confidential information. The biggest tip to avoid falling victim is to take the time to fully investigate it and not make a hasty decision.
The Red Flags of Phishing
Being vigilant against phishing attempts is paramount, and the crucial part of this is being able to recognize signs within these deceptive emails. Here are a few to look out for:
- Suspicious sender's email address
  - E.g. You receive an email from "support@amzn.ca" claiming to be Amazon, but the real domain is "amazon.ca".
- Language designed to create pressure
  - E.g. The email uses urgency or fear tactics to pressure you into immediate action.
- Unanticipated links or attachments
  - E.g. An email with an attached invoice file coming from an unknown source.
- Unusual email format
  - E.g. The email has no branding or signature, contains typos, and includes images with links attached to them.
- Too good to be true offers
  - E.g. An email claiming you won a vacation, even though you never entered any contest. It will ask for your identification.
More Tips to Protect Your Identity
Don’t save credit card information in your web browser
It’s so easy to say ‘yes’ when your web browser asks if you’d like to save your credit card information for an easier check-out in the future, but experts warn against it. We get it, it’s convenient and easy, but also not secure, meaning your information is at risk. Instead of keeping it stored, take the extra few seconds at checkout to put your card in manually.
Never make purchases on public Wi-Fi
You might be tempted to make quick purchases while at your local coffee shop or waiting for an appointment. However, public Wi-Fi networks typically share the same password among all users, which allows hackers to intercept the signal from your device. Scammers are also able to create free Wi-Fi networks that are designed to steal your information. If you must make a purchase over public Wi-Fi, consider using a VPN to secure your connection.
Be aware of fake online shops
There are hundreds of thousands of websites that sell goods, and that number skyrockets during the holiday season. Buy on sites you are familiar with or do your research to ensure the website you are buying from is legitimate. Legitimate online shops have a standard policy regarding returns and exchanges. Fake ones don’t. Be wary of too-good-to-be-true deals, flash sales, or unusual payment methods. Another tip? If googling the site, never click on the one with ‘Ad’ beside it, as it could be a decoy to lead you down the wrong path. Remember, if it seems too good to be true, it probably is.
Use a credit card designated for online purchases only
While having a secondary card strictly for shopping online may not be ideal, it has a great upside. Having a designated card makes it easy to spot fraudulent transactions, and if your card is compromised, allows you to cancel it without much hassle.
Check statements regularly
Whether you have a secondary card for online purchases or not, it’s always smart to check your statements or transaction history regularly. Sometimes thieves make the smallest purchases that are unnoticeable to you but add up in the end. It’s good practice to stay on top of it and even set an alert for when any purchase is made using your card. If you do see a fraudulent charge, be sure to report it immediately.