With online shopping trumping in-store retail this holiday season, cybercriminals will have no shortage of potential victims to target. And they’ve only gotten smarter and more nefarious over the past year.
“Online purchasing scams were the number one scam reported in 2020, and unfortunately, these scams are becoming more frequent each year,” said Hari Ravichandran, founder and CEO, Aura, a provider of digital security. “The total number of reported scams, including online purchasing scams, rose by 24.9% between 2019-2020 according to the Better Business Bureau to 46,575.”
The 2021 holiday season is expected to be rife with even more bad actors than in the past.
“We will see an all-time high in cyber crimes this year,” said Chad Cragle, director of security and compliance at FormAssembly. “Every year the percentage increases because the attacks are becoming more sophisticated and the tools these threat actors are using are becoming more popular and highly available. The recent pandemic has not helped in this area, but rather made it another threat vector since it can relate to everyone worldwide.”
Fraudsters know how to play with your emotions
Cybercriminals are so successful in part because they’ve become experts at reading — and playing with — human emotion via text and email.
“Cybercriminals are very good at designing emails and text messages that prompt a sense of urgency and fear,” said Craig Lurey, CTO and co-founder at Keeper Security. “A consumer may see an email that says, ‘Immediate action required – account will be frozen if xyz step isn’t taken.’”
Another type of urgent communication potential victims may receive is one that appears to be coming from one’s boss.
“An employee may receive an email that seems to be coming from a boss, asking the employee to purchase gift cards– but the boss needs it to happen right now,” Lurey said.
“This scheme uses both urgency and an appeal to authority, which many employees would want to act on quickly. Humans are naturally curious, and most people want to be helpful. Receiving a message that appeals to any emotion can, and often does, spark an action. It’s also important to note that today’s cyberattacks are very sophisticated. The phishing emails and texts that cybercriminals send look just like legitimate communications, which is why so many people fall for them.”
Bad actors are taking advantage of pandemic-related shortages
“The pandemic has caused significant shortages in many items, especially electronics,” said Erich Kron, security awareness advocate at cybersecurity firm KnowBe4. “This season is already known for the stress related to finding that must-have gift, however, the continued emotional stress caused by the COVID-19 pandemic combined with the even more significant shortages is causing people to take bigger risks to get that perfect gift. This means turning to unknown online vendors or social media marketplaces as a desperate last resort. Unfortunately, these risky moves often result in disappointment as scammers take the money and run.”
“There’s a reason a scam is colloquially known as a hustle,” said Jacob Ansari, chief information security officer of Schellman & Company, LLC, a global independent security and privacy compliance assessor. “If the perpetrator can keep you moving and not give you time to think, they can usually succeed. Schemes like this contain markers, sometimes subtle, that require prompt action or immediate attention. Look for tells like that and let them warn you that what you’re seeing is potentially illegitimate.”
Learn how to identify phishing scams
“Look for incorrect domain names in email addresses, suspicious attachments or incorrect links, branding that doesn’t match the company (different logos, etc.), misspelled words or grammatical errors and mismatched or suspicious links,” said Heather Paunet, SVP of Product at Untangle, a cybersecurity firm.
Avoid opening emails from unrecognized senders
“Phishing scams are the most commonly reported type of cybercrime, and hackers frequently target business emails to increase profit potential,” said Justin Wray, director of operations, security at Core BTS. “Companies can help employees protect themselves from these common types of attacks by offering training and education on what to look out for when it comes to phishing schemes. Individuals need also be diligent when it comes to unexpected emails or communications.The same cautions should be applied to voice calls, text messages, and other digital interactions.”
Type in URLS instead of clicking on links
“Manually type in URLs to sites you want to visit rather than clicking on links,” said Nick Biasini, head of outreach at Cisco Talos. “For example, If an email claims to take you to Target’s website for a specific deal, type www.target.com into your browser and search for the deal rather than clicking on the link in the email.”
Use payment services such as Google Pay, Samsung Pay and Apple Pay
“These services use tokenization instead of the ‘Primary Account Number’ (your credit card number), making your transaction more secure,” said Biasini.
Beware the Cash App/Gift Card Request
“If someone requests cash payment, payment via cash app, or gift cards it should be a huge red flag,” Biasini said.
Use credit, not debit
“When choosing payment information for your online purchases, opt to use a credit card over a debit where possible,” Ravichandran said. “Credit cards typically have more fraud protections in place when compared to debit cards, giving you additional protection in the case of a data breach.”
Run regular antivirus scans
“No matter what website you’re shopping on, if your computer is infected with malware or ransomware, you’re at risk,” Ravichandran said. “Install an antivirus software that you trust and schedule frequent, automatic scans. Especially, during the holiday season, the last thing you want to be spending money on is a broken or infected computer.”
Get a password manager
“Any password manager is better than no password manager, and it will help you create and store unique passwords for every website you visit, minimizing the impact on your digital life should one website have a breach,” said Gary Orenstein, chief customer officer at Bitwarden. “A password manager stores your passwords in encrypted format, so only you can decrypt them.”
Save more: 20 ways to pay less at Costco
Don’t use the same passwords across multiple sites
“Shoppers should avoid using the same passwords across Amazon, Target, Wal-Mart and other retail sites, which can open the doors to potential breaches,” said Rick van Galen, a security engineer at 1Password. “When hackers gain access to one account, it is likely that multiple of the accounts will be compromised.”
Enable two-factor authentication
“Two-factor authentication or 2FA, makes it much harder for a hacker to gain access to your account,” said Hannah Hart of ProPrivacy. “It’s a simple and effective measure that requires a user to provide a secondary piece of information when they login, to validate their identity. This information is usually a single-use code delivered by SMS or a companion app – something that a hacker is unlikely to have access to.”
Use secure networks only
“Be sure to use only secure wifi networks, and if there are no secure networks available, install a reputable VPN and use that,” said Patricia Vercillo, VP of Operations at The Smith Investigation Agency.
“There are a number of products out there that will clean up your online history, monitor your social reputation and guard your online security,” said Tom Kelly. president and CEO of IDX, a privacy platform and data breach services provider. “We recommend investing in one that will not only monitor and protect you, but will delete, block or take down harmful activity.”
More From GOBankingRates
This article originally appeared on GOBankingRates.com: How to protect your identity and your wallet on Cyber Monday