Each year, Black Friday and Cyber Monday are expected to be a shopper’s paradise with the biggest discounts available from almost every retail store, in-store and online. With more than 4 billion internet users currently worldwide, it is also a hacker’s dream to target the expected two biggest online shopping days.
Malicious cybercriminals live for the opportunity to take advantage of the influx of purchasing and steal credit card data or private information. In addition, if they already have stolen information, they are more likely to get away with charges on a day that might seem normal for unusually high spending to popular big-name retail stores that you’ve likely shopped at before. And, with online shopping in general expected to double in 2020 from where the stats were in 2016, hackers are looking forward to big paydays throughout the next two years.
The 2018 Data Breach Investigations Report shows that cybercriminals have had a busy year already, reporting over 500 million data breaches and more than 1.2 billion stolen records. Unfortunately, even the largest tech companies in the world such as Facebook and Google Plus have experienced security breaches. The lesson learned is that there is no perfect security and cybercriminals are getting more malicious and creative at getting to your data. It's up to you to ensure your safety online.
If you think you’re safe to just use your mobile to shop, think again. ThreatMetrix reports that 1/3 of all fraud now targets mobile, and global attacks are up to 24%. In Ponemon’s recent polls, 68% of professionals share passwords across personal and work accounts via their mobile device and half of those surveyed had no password, Pin, two-factor authentication, or biometric security on their mobile phone. If an employee gets hacked on their personal mobile device where they also use the same password for their business account, it is allowing room for a hacker and make their way in and to targeting your business.
Here are 7 ways shop safely on Black Friday and Cyber Monday:
1. It’s Holiday Phishing Season
“Too Good to be True” still applies to Cyber Monday. If you get an email offering you a FREE $50 gift card from Amazon for Cyber Monday or any other day for that matter. Verify that the email is legitimate, double check the URLs in the email by hovering over links. If you have any doubt, go directly to the retailer’s website instead of clicking the link. You can type the “discount” code manually. Learn how to better spot Phishing attempts before you're a victim.
2. Look at the URL
When you are on a site, you need to see https:// as the start of the URL. The “s” means they purchased a Security Certificate for the site. A “lock icon” will be shown next to the URL as well. If you don’t see these then DON’T enter your credit card info! This applies to ALL sites, whether you clicked a link in an email or used a search engine (Google/Bing), verify that you are on a legitimate, secure site before you enter your information.
Also, make sure you're using a safe network - beware of open public networks at your local coffee shop.
3. Passwords, Passwords, Passwords!!
Yes, when you create an account for that special purchase, you will need a password. DO NOT use the same password at every site, especially if you were about to use the same password you are already using for your online banking! Of course, you would never do that but please tell your “friend” not to do it either! Make sure ALL of your passwords are strong and unique. Random words, numbers, or phrases make for the best passwords. Remember that cybercriminals can run every variation of a password with numbers and symbols, across hundreds of websites to try to unlock your account.
Need help remembering all those passwords? get a simple password manager like Dashlane, LastPass, KeePass, Keeper, etc. Most of these password-keeping apps offer a free version and the paid versions are generally under $50 annually. We don't get paid for advertising for these helpful tools but trust us, they're worth the small fee.
Additional Cybersecurity Tip:
When you're shopping, do not save your payment methods in your retail shopping accounts and delete any previously stored credit cards. Once you finish your shopping, also change your account passwords.
4. There’s an App for that!
Beware of Holiday or special promotions from Apps! Especially the “Find the best Cyber Monday Deal” kinds of Apps. Yes, Apps are cool and can save some time and if you really want to use them, understand what kind of info you are providing. If the App wants to have access to your photos, camera, contacts, etc… you should think twice about installing it.
5. Debit or Credit?
Use Credit all the way for Cyber Monday (or ANY online shopping). Credit cards offer an extra layer of protection from fraud. Your credit card company can alert you if they suspect unusual activity and allow you to approve your purchase immediately if it was your actual activity. If not, you can dispute it right away as well. If you absolutely must use Debit (Hey, we love Dave Ramsey too!) then use a pre-paid Debit Card or set up a separate bank account just for your online shopping.
6. Protect Your Identity
Set up identity theft protection. It’s incredibly inexpensive to cover your entire family and will give you peace of mind. LifeLock, Zander Insurance, etc…there are a lot of affordable options available for personal and corporate use. Check with your local I.T. Support Company and acquire the best plan for your employees and their families in your I.T. Services plan.
7. Freeze your credit.
Yes, I said to freeze it. That way no one can open a new line of credit with your SSN. It’s Free (as of May 2018). You will need to contact all 3 credit bureaus (Equifax, Experian, TransUnion). When you need to apply for credit, it’s free and easy to unfreeze it. It's a bit of a process. If you've been a victim of identity theft, this is a surefire way to prevent it from happening again.
Leaving a loophole open to cyber criminals with your personal credit accounts can also be way into your business. The Purple Guys offer the top, most comprehensive tech tools that scan the most secretive corners of the Dark Web and monitor for our customers' stolen credentials, allowing us to alert them in real time to take action immediately before a breach occurs.
If you're curious whether your company's data is for sale on the dark web, act now. We'll scan your company domain to see if any emails (personal and business) tied to your company domain is for sale on the dark web. Get your Free Dark Web Scan from our Cybersecurity team today.