With the biggest cybercriminal hacking holidays of the year upon us, it's time for a reminder of red flags to pay attention to when shopping either online or in brick-and-mortar stores.
1. Make sure devices are up to date
Whether you’re using your laptop, smartphone or other device, having basic security measures in place will lessen your chance of being a victim, but bear in mind the rest of these tips to stay safe.
2. Be careful when using public wi-fi
Never share private information on a public wi-fi network, even if you think it's safe. Wireless network names are fairly easy to fake and sensitive data like credit card details, login information, etc. can be easily intercepted. Kevin Mitnick breaks down exactly how this is done:
3. Use strong, unique passwords
Well over 900 data breaches so far this year have exposed hundreds of millions of records! You better believe that information is being sold and the more accounts you have that use the same username and password , the greater the risk for being hacked.
4. Fake apps
We warned earlier this month about fraudulent apps showing up in both the App Store and Google Play but it bears repeating. Before even downloading any app do some research on the publisher, app creation date, and reviews to give you a good start at spotting a fake. Look for misspellings of popular apps and remember that retailers who don’t actually have an app are especially vulnerable. Better to go to the website directly and check for the official link yourself.
5. “There was a shipping problem with your order”
Smells like a scam! Other phishing emails to be wary of are fake invoices, fake refunds and any urgent email persuading you to open an attachment, click on a link, or fill out a form. Attached documents containing malicious macros are back with a vengeance, making it critical to pay very close attention to these types of emails. When in doubt, always go directly to the vendor if you think there may be a problem.
6. Pay close attention to the websites you visit and shop on
How did you get to this website? Via email? Maybe an ad for a killer sale? Beware of bad links in phishing emails, counterfeit copies of legitimate sites, and malvertising (yes those can be found on legitimate sites too). Copied sites can be made to look nearly identical to the real thing. Basic red flags are bad grammar/spelling, shady contact information and unheard of deals on expensive items. See these other signs to tell if the website is legit. Even if the site is real make sure it's secure, look for https with a lock.
7. STOP oversharing on social media
'20 questions about me' type posts are a goldmine for criminals. Posting that information publicly makes it a lot easier to guess your password, answers to security questions, and makes you a bigger social engineering target.
8. Free gift card/iPad/insert must-have item just for filling out a survey or form
Often these are scams looking for your personal information that get sold to other cybercriminals. Make sure any offers you sign up for are authentic before giving up any information.
9. Use a credit card (no debit cards)
If cybercriminals get their hands on your debit card, it's very easy for them to quickly drain your bank account. You can always reverse charges on a credit card if necessary.
10. Keep an eye on your bank accounts and monitor your credit report regularly
Fraudulent spending often starts with small purchases (think $1-$5) that would normally go unnoticed unless you're looking at your transaction history. The sooner it's spotted the easier time you will have getting your money back.
Always remember to think before you click and IF IT SOUNDS TOO GOOD TO BE TRUE IT PROBABLY IS!
