The holiday shopping season is now upon us! This also means that scammers have kicked it into high gear. They’re primed and ready to take advantage of all those juicy online transactions. Which means you need to review your mobile security practices to ensure you’re ready to go.
It’s important to stay safe online during the buying frenzy that occurs this time of year. An ounce of cybersecurity prevention is definitely worth a pound of cure. It can also save you from a financial or privacy nightmare at an already high-stress time of year.
Here are some of the most critical safety tips to improve your online holiday shopping.
Check Your Mobile Device for Security Updates Before You Shop
Computers, tablets, and smartphones that have old software are vulnerable to all sorts of attacks. Nobody wants to wait through a 10-minute iPhone update, but it’s the easiest thing you can do to keep yourself safe.
Attackers use vulnerabilities found in device operating systems to take advantage of busy targets. Updates install patches for known vulnerabilities, reducing that risk. Make sure to install all updates before you use your device for online holiday shopping.
In fact, go do it now. We’ll wait.
Don’t Go to Websites from Email Links
Yes, it’s annoying to have to type in “amazon.com” rather than just clicking a link in an email. But phishing scams are at an all-time high this time of year and that’s how they get you. Lots of phishing scams will create fake websites that look just like Amazon so you give them your credit card number.
It’s best to go straight to the source instead of relying on links. If you want to make things easier, save sites as shopping bookmarks in your browser. This is safer than clicking a text or email link.
For extra points, add your shopping websites to your Password Manager and let it automatically log you in securely.
Use a Wallet App Where Possible to Maintain Mobile Security
It’s always a risk when you give your debit or credit card to a website. The risk is even higher if you’re doing holiday shopping on a site you haven’t purchased from before.
Where possible, use a wallet app or PayPal. This eliminates the need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.) and maintain your mobile security. This way, the retailer doesn’t get them, only your secure mobile device.
Remove Any Saved Payment Cards After Checking Out
There are many websites (including Amazon) that automatically save your payment card details. This is great for an attacker. It may make the next buy more convenient, but it puts you at risk. An attacker who gains access to your device or account could make purchases without you knowing.
There is also the risk of a data breach of the retailer. If Amazon or other stores lose your payment information, it’s just as bad as if you did. And it’s more common than you would think. The fewer databases you allow to store your payment details, the better for your security.
Immediately after you check out, remove your payment card from the site. You’ll sleep much better.
Make Sure the Site Uses HTTPS (Emphasis on “S”)
HTTPS has largely become the standard for websites now. This is instead of “HTTP” without the “S” on the end. HTTPS means that a website encrypts the data transmitted through the site such as your name, address, and payment information.. It literally stands for Hypertext Transport Protocol Secure. So use it.
You should NEVER shop on a website that doesn’t use HTTPS in the address bar. An extra indicator is a small lock icon in front of the website address.
Double Check the Site URL
We all make typos from time to time. Especially when typing on a small smartphone screen. One typo can land you on a copycat site (such as Amazonn(dot)com).
Hackers buy domains that are close to the real ones for popular retailers. Then, they put up copycat sites designed to fool users that make a mistake when typing the URL.
Take those extra few seconds to double-check that you’ve landed on the correct website. Do this before you start shopping.
Never Shop Online on Public Wi-Fi
When you connect your device to public WiFi, you might as well expect a stranger to be watching. Attackers LOVE the holiday shopping season and will hang out in popular public Wi-Fi spots. Starbucks, airports, even libraries are popular spots for attackers to set up camp and collect public WiFi data.
They spy on the activities of other devices connected to that same free hotspot. If the network owner hasn’t set up proper security controls, which is incredibly common, an attacker can access everything you type in. Passwords, web addresses, and credit card information are all at risk.
Never shop online when you’re connected to a public Wi-Fi network. Instead, switch off Wi-Fi and move to your mobile carrier’s connection. You can also use a private VPN service to protect your traffic further. Also continue to make sure websites use HTTPS so your data is encrypted when you can’t use other privacy systems.
Be On High Alert for Brand Impersonation Emails & Texts
Phishing scammers were very active during the holiday shopping season of 2021. There was a 397% increase in typo-squatting domains connected to phishing attacks.
While you need to be careful all the time about phishing, it’s even worse during the holiday season. Attackers know that people are expecting retailer holiday sales emails. They also get a flurry of order confirmations and shipping notices this time of year.
Phishers use these emails as templates. They impersonate brands like Target, UPS, Amazon, and others. Their emails look identical to the real thing. When you click on a link in the phishing message, it will take you to a site that they have copied as well, getting you to click and/or log in to their malicious website. From there, they harvest your credentials.
Be on high alert for brand impersonation emails. This is another reason why it’s always better to go to a site directly, rather than by using an email link.
Enable Banking Alerts to Improve Mobile Security
Check your bank account regularly. Look for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app. You can also configure your wallet app, like Apple Wallet, to notify you any time there is a charge to your credit card.
Additionally, many banks allow you to set up alerts for events such as:
- When a purchase occurs over a specified dollar amount
- When a purchase occurs from outside the country
How Good is Your Mobile Security?
Mobile malware is often deployed in holiday shopping scams. How secure is your device from malicious apps and malware? Contact us today for a security checkup.