Holiday Online Shopping Tips From the SecurityMetrics Threat Intelligence Center
We are entering one of the busiest online shopping seasons of the past decade. As online payments increase, so do cyber attacks and scams, and you will likely see more junk email and phishing in your inbox around this time of year. The FBI reports that phishing, spoofing, and texting scams have gone up 400 percent since the beginning of the COVID pandemic.
If you do most of your holiday shopping online, you are your own best defense against cyber attacks. Here are some tips to help you avoid a security breach:
1. Take a defensive posture.
When it comes to online shopping and unknown calls or texts, you need to be on the defensive. If a deal looks too good to be true, like $250 for a PS5, it probably is. The same goes for suspicious-looking links, so trust your intuition if something looks off. Stay cautious and take a defensive stance before you click on anything.
As an example, we recently noticed offers for $800 RVs popping up on social media. We’ve also seen links claiming retailers like Costco are offering boxes with $25 worth of food for free if you act within 24 hours. If you see an offer like this, the first thing you should do is hover over the link. Does it lead to the retailer’s official website? You can also look up the account that posted the deal on social media. How many subscribers does the account have? Is there a listed phone number? If anything seems off, it probably is.
We are also noticing an increase in the number of scam phone calls and text messages right now. Calls with messages such as “Your Social Security number has been compromised, call immediately to have this resolved” are likely scams. Do not call back or engage.
2. Focus on password management.
The average person uses the same original password on at least four websites. Cyber threat actors love when employees use the same password at home and work. For example, I have friends who use the same login and password on every video streaming service. So if/when their Disney+ account is compromised, the threat actor may also try accessing their Netflix and Amazon Prime accounts. Worse yet, their Amazon Prime account is linked to credit cards.
If you have not done so already, consider updating all your passwords as we head into the holiday shopping season. Better yet, deactivate old, unused accounts and use a password manager.
3. Links = Risks
The most likely way you or your family will be compromised is through phishing emails that urgently prompt you to click on a link. We are seeing examples of text messages or emails claiming there was a problem "with a shipment" and you need to click a link to track your package. In these situations, always go back to the order confirmation you received after placing your order. Better yet, go directly to the website you ordered from.
Be extra wary of holiday offers, one-day deals, and promises of tremendous savings, like prices that expire in 24 hours or KSL ads for a PS5 for just $250.
Staying vigilant will help you protect yourself, your family, and your friends. Follow these best practices as we all head into one of the busiest online shopping seasons of the decade. Make cybersecurity a topic of conversation with friends and family.
Remember that you are always a target, both at home and at work–now more than ever.
Matt Heffelfinger ("Heff" is preferred) is a Utah-based cybersecurity professional and serves as SecurityMetrics Director of SIEM Operations. His primary wheelhouse includes leading the SecurityMetrics Security Operations Center (SOC) and Threat Intelligence Teams for multiple clients both in the USA and globally. With over 15 years of global cybersecurity experience, his career stops include Caesars Entertainment, TJX, Inc., General Electric, NBC Television and the Las Vegas Sands Corp.