Last updated at Wed, 27 Nov 2019 15:15:55 GMT
The season of online holiday shopping is upon us! With nearly every retailer giving their best deals on Black Friday and Cyber Monday, the increase in online traffic and the likelihood of people letting down their guards mean it’s a prime time for hackers to do their worst.
Here are five types of cybersecurity attacks to watch out for while you’re doing your holiday shopping this year:
Keep passwords and personal data safe from phishing
If you work in cybersecurity for a living, you probably know that the No. 1 threat to any organization’s IT security is its employees’ vulnerability to phishing attacks. According to a recent study, phishing makes up to 93% of all breaches investigated, and 96% of those cases were due to an employee clicking on an email.
The holiday season can be an even more dangerous time for phishing because we’re on the lookout for holiday shopping notices or special deals from retailers. The best defense is to double down on your normal anti-phishing precautions by doing the following:
- Don’t click on links in emails—instead, navigate directly to a company’s URL
- Keep your software up-to-date on laptops and mobile devices
- Ensure websites you visit are encrypted
- Use two-factor authentication (just in case a phishing attempt actually gets through)
Don’t let your phone make you a victim through vishing and smishing
While you may be pretty good at avoiding clicking on links from sketchy emails, attackers can use other vulnerabilities to get your information. One such method is through your phone, where an attacker can leverage SMS or voice communication. These types of attacks are called smishing and vishing, respectively. If you’ve ever received a call from someone claiming to be from “Microsoft” who has noticed “something wrong with your computer,” you’ve seen vishing in action. These calls may be easy for a professional to spot, but because they tend to take place in more “live” settings, it can be easier to be manipulated into giving away information than you might think.
The best defenses against vishing and smishing are pretty close to avoiding phishing:
- Don’t trust unknown callers—hang up and call a business’s listed phone number instead
- Never click on links in text messages from someone you don’t know
- Don’t give private information (i.e., account details, PINs, passwords) over the phone or via text
Watch out for malware
While email phishing can be straightforward and somewhat easy to spot once you know what to look for, malware attacks come in an array of increasingly sneaky colors that can evade even the best anti-malware software. Malware is a bigger threat during Cyber Monday and Black Friday because we may be visiting sites looking for the best deals without double-checking a URL’s credentials. While security software and encryption can help keep your personal computers safe from unwanted downloads, mobile devices can be much more vulnerable due to unofficial applications, as well as unguarded Bluetooth or WiFi connections.
As with phishing, the best way to prevent malware infection is to keep up what you normally do:
- Install reliable antivirus software and keep it up-to-date
- Scan your computer daily
- Disable autorun or auto-download
- Think before you click on links
- Back up your files regularly in case you do become the victim of malware
Be smart when shopping online
You may have a few trusted go-tos for Cyber Monday—companies you’ve shopped at for years and trust not only to give you the best deals of the season, but to also keep your data safe from harm. Hackers are very aware that people are on the lookout for great deals after Thanksgiving, and they’re ready to take advantage of your vulnerability. Here are a few steps you can take to keep yourself safe:
- Make sure you’re buying from a reputable vendor
- Check for SSL certificates and encryption (look for “https://”)
- Use a credit card instead of a debit card or direct bank account transfer
- Double-check your credit card statements to catch fraud as soon as possible
Understand the risk of fake charities
The holidays are also a time when many people like to give back to charitable causes. Sadly, hackers and other attackers are ready to take advantage of your generosity during this time and will stoop to pretending to be a charity to steal your money. Avoid being taken advantage of by scammers by being cautious when donating to a charity by doing the following:
- Research the charity online before you make a donation, including searching for the name of the charity plus “scam” or complaint”
- Use reputable charity search organizations like Charity Navigator and the BBB Wise Giving Alliance
- Use a credit card and keep a record of your donation
- Watch out for high-pressure from scammers
Overall, Black Friday and Cyber Monday can be a fun time to get gifts for people you love (and yourself!). It’s the official start of the holiday season, and with a little caution, you can keep your spirits high while avoiding falling victim to a cybersecurity attack.