Black Friday and Cyber Monday are a great time of year to score deals on major purchases while also checking off your loved ones’ holiday wish lists. But the pressure to act fast for time-sensitive discounts could make even the most savvy shoppers fall prey to online scams.
While it’s important to stay vigilant all year-round, you should take extra care during the holiday season when credit cards are being whipped out more often than usual. Here are 5 holiday online shopping safety tips to consider to avoid falling for traps set by cyber criminals.
Set strong passwords to ward off hackers
A weak and easy-to-guess password—whether for online banking or an account with your favorite retailer where your financial information could be stored—is at the top of any hacker’s holiday wish list, says Morgan Kaja, a cybersecurity compliance analyst at the Hauppauge, New York-based Stetson Cybergroup.
- Make your password hard to guess. “Hackers can easily obtain information like your birthday, kids’ names or pets’ names just by looking at your social media accounts,” says Kaja. “Choose unique words or phrases that are difficult to guess and avoid using the same one for multiple accounts. If someone with bad intentions gets access to one of your accounts, they’d be able to get into them all—so don’t make their lives easier!”
- Use a password manager. Because remembering multiple passwords can get tricky, Kaja suggests using a password manager to keep them hidden and organized. This software application stores, manages, and protects the passwords to all your accounts in an encrypted database; all you need to get into it is one complex master password. Password managers can be used across multiple operating systems, platforms and devices.
- Choose multi-factor authentication. If a fraudster gets into your online Amazon account they could leverage your saved financial details to wreak even more havoc. To give your accounts an extra layer of protection from cybercriminals, consider enabling multi-factor authentication. This process only gives you access to a website or application after you present two or more pieces of evidence of your identity, like your password and also entering a code sent to your cell phone.
Be wary of deals that are too good to be true
In the frenzy of the shopping season, it’s easy to get overwhelmed and lose your better judgement. That’s when hackers will try to take advantage by offering deals that are simply too good to be true, whether by grabbing your attention through pop-ups on your laptop or sending you unsolicited emails. Clicking on those exciting offers could infect your device with malware and steal your financial information.
“You won’t find a PS5 for $100,” says Kaja. “So if it seems off, go with your gut and don’t click on that link. Be very selective—it’s always better to be safe than sorry!”
Don’t shop on public Wi-Fi networks
While public Wi-Fi is convenient, it’s also an open source for hackers to access the information stored on your mobile devices. Consider using your cellular data instead if you’re planning to check your bank account or make any transactions online. But if you absolutely have to access the free Wi-Fi, Kaja recommends using a Virtual Private Network (VPN) to protect your privacy and browsing activity from prying eyes. VPNs are online services that conceal your device’s IP address and turn a public internet connection into a secure private network. There are many options to choose from online, including some you can download for free, and that work on multiple devices.
Only purchase from reputable retailers and websites
Pay attention to signs you could be dealing with a fake online store or website instead of a legitimate vendor. Consider the following ways to do your due diligence:
- Check the address bar. Always check to see if the website asking for your credit card details is using https—rather than http—at the start of the URL in the address bar. That extra “s” indicates that the website is secure by being encrypted. You can also look for a lock in front of the website address. This icon indicates the website has been verified as a secure connection, says Kaja.
- Conduct background research. Even with these security features in place, it’s still worthwhile to check the legitimacy of the brand, especially if you’re unfamiliar with them, says Eric McGee, a senior network engineer at TRGDatacenters. McGee suggests checking their social media pages, LinkedIn profile and customer reviews to see what others have to say about the quality of their products and services. “Avoid websites that have a limited social media presence or few authentic customer reviews,” he says. “If you notice poor design, grammar and spelling mistakes or spammy messaging, these are signs the website may not be legitimate.”
Always practice credit card safety
Many websites offer the option of saving your payment information to save the hassle of typing it in manually the next time you purchase something. However, you should never store credit or debit card numbers in your web browser history, says Kaja. “Having to type it again is worth the headache of avoiding fraudulent charges!”
Always use credit cards for your transactions as they offer more protection than debit cards, should your purchase fail to arrive or the retailer ends up being a fraudster. Enabling purchase notifications through your credit card provider also allows you to keep an eye on all your purchases in real time by alerting you every time your card is used. If you see something suspicious, you can flag it immediately to your bank before too much damage is done.