With the largest shopping day of the year looming, and the holiday season about to be in full swing, we wanted to share with you some tips to help protect your assets, keeping your spirits bright along the way! Thanks to our partners from our Information Security Team for helping compile this important guide to protecting yourself from holiday shopping scams.
Cybercriminals are upping their realism game, attempting to trick the unwary public into accessing what they thought to be a legitimate website. So what are the hackers up to now? Well, just in time for the holidays, they're making fraudulent websites look like the real deal.
The first half of their recipe is to count on visitors to popular sites accidentally hitting the wrong keys when entering the site name. For example, a user may type "Amazoon" instead of Amazon, or "Micrososft" instead of Microsoft. The criminals will then purchase Typosquatter domains (domain names containing the incorrect spelling) which they doctor up to look like the real deal, including legitimate looking graphics, and even security certificates. Security certificates bring you the tiny lock icon in the lower right-hand corner of a secure site. Sometimes this icon can trick you into thinking the site is legitimate.
So what can you do to avoid such sites?
- Use extreme caution when entering a website’s address, save it as a favorite in your browser, then always use that favorite to access the site(s).
- Use the site’s approved app from the Apple Store or Google Play to do your shopping.
- Enable 2-Factor (aka Multi-Factor) authentication whenever it’s an option (this goes for both browser and mobile access).
- Don’t use the same username and password combination on multiple web sites. If your login information is compromised on one site, criminals can use it to access your information elsewhere.
- Use complex passwords (password generator and password vault apps are commercially available to help with this).
- Don’t click on retailer links received within an email (see 1 & 2 above).
So while you’re doing some holiday shopping on Black Friday and beyond, be mindful of the sites you are visiting and always run through our checklist.
Want to learn more about cybersecurity, fraud, and protecting your data? Head on over to our cybersecurity education page and sign up for our free newsletter.