The holidays are upon us. If you are anything like me, it is only now occurring to you just how close they are. And whatever you celebrate (Festivus, anyone?), the common theme seems to be shopping for gifts. This big surge in retail consumerism also magnifies some of the information security threats to your personal finances, as well. Criminals know that you will likely be fitting hurried gift shopping into your already busy schedule. This is often the case for entrepreneurs who already have no time, and frequently also really need the lowest price. Shopping for the best deals in a hurry can incentivize ‘taking a chance’ that ends up costing you money and misery. Here are some things to keep in mind while you plow through the tinsel and holly:
When Shopping in Person:
- Don’t use public WiFi for anything sensitive. Coffee shop or department store WiFi is fine for navigating to a website or doing a price comparison. However, a favorite trick of cyber criminals is to hang out in public places and impersonate a public hotspot (here’s a recent and well-explained demonstration) to gather data like credit card numbers, login credentials, etc. These impersonated hotspots can be hard to detect – they look and feel like the real thing. So avoid entering any personal info – disconnect and actually make any transactions or enter any credentials using your own cellular data plan.
- Don’t give out any personal information that isn’t necessary. Keep a separate, free email account (with a different password) just for mailing lists. If something is not being shipped, then decline to provide home address information. The idea is to make it as hard as possible for a criminal to piece multiple pieces of information together and use them in an attack. Less is more.
When shopping online:
- Beware of stores you are not familiar with. The internet is crammed with fake storefronts this time of year, often using amazing deals as a lure to get your credit card info. If a deal seems too good to be true, assume it is. Also, never click on a link to be taken to an online shopping site, enter the web address manually. This will prevent you from being unknowingly redirected to a fake version of a reputable store. Check the web address bar for ‘https://’ at the beginning of the site’s address (ensuring an encrypted connection) before you enter any login information.
- Don’t use debit cards for online shopping. If something goes wrong, your rent money may be tied up for days or weeks while you sort out a fraud case. Use a credit card instead, to provide a layer of separation between a criminal and your bank accounts. If you don’t have a credit card, check to see if the site accepts an alternate service like PayPal. If your bank (or credit card provider) offers one-time use card numbers, definitely take advantage of that service to minimize your exposure.
Additionally, all the normal rules apply—all you accounts should have unique passwords that are complex and uncommon (not Password123). As mentioned above, you should be looking critically at a website for signs of phishing and not using public internet to transmit sensitive information. Protect your work email and don’t use it in these types of transactions.
It is unfortunate that the holidays can often motivate people to criminal behavior, whether out of simple greed or desperation. However, the good news is that the same basic rules which protect you year-round are still the best protection. Remember the basics, and stay smart, and you’ll have the best chance to avoid trouble. Here’s to online bargains, and a safe and happy holidays!