The Most Wonderful Time of the Year… For Criminals

By Yair Levy, Ph.D. Professor of Cybersecurity, Nova Southeastern University

December 1, 2021

Black Friday. Small Business Saturday. Cyber Monday. The “most wonderful time of the year” is once again upon us, the holidays. As the holiday season gets underway, many will turn to on-line shopping to find that perfect gift for their someone special.

With the onset of the COVID-19 Pandemic last year, the number of people logging on and shopping dramatically increased, as well as those habits that remain as we begin returning to our “normal” lives by getting out and about. As we turn on our computers, fire up our smartphones and start shopping, there are a few things to remember to keep you safe during your time on-line.

One of the best tips, if you can, is to have a credit card that is dedicated for your on-line shopping and have other cards to use when you are not shopping on-line (gas, groceries, etc.). Also, set up SMS and e-mail notifications when new on-line purchases are made so you will know immediately if someone is using your credit card fraudulently. There is no bulletproof solution, but a multi-credit card system is more secure. I’d even suggest activating the instant notifications on all of your credit cards, because it is better to be safe than sorry. If any credit card is compromised, report it to the company, have them deactivate it and get a new card.

When shopping on-line, verify that you are using a secure connection by looking for a little padlock in the browser address bar. If you don't see that, verify it with an encrypted connection, or through a HyperText Transfer Protocol Secure web-site, (HTTPS), by making sure that the Web address starts with "https://" (the "s" stands for secured). Think of it this way: HTTP is like a postcard – anyone can read it when you transmit it; but, using HTTPS is like putting the letter in a sealed envelope.

While it may seem convenient, if you are away from your trusted network (i.e. your own home network), I strongly urge you not to use free Wi-Fi on your mobile device – use your own data plan. You can't afford to be cheap when it comes to cybersecurity – you'll eventually get bitten by fraud. Cyber crooks name their network something familiar, like Fort Lauderdale Airport or Starbucks and get you to connect as a guest, which they use to see into your device. They add malware or key-loggers that capture all of the keys you type on your device (even a smartphone) and then when you shop or log into your bank account, they record your sensitive personal information and passwords.

Finally, it is important to know that criminals get credit card and personal information mainly through phishing email scams. These are bogus e-mails masquerading as trustworthy retailers like Amazon, Walmart and others by offering huge discounts or even as financial institutions alerting you for “suspicious activity” on your account. Never, EVER click on links provided in an e-mail to make a purchase or access your financial institution. Instead, go to the site independently (such as via bookmark or favorites) to verify the offer or coupon code and activity. If the deal seems too good to be true, it likely is! Also, be suspicious of the top links appearing on your search engine results; our research found many cases where these “ad” links that appear on top or may be injected by cyber criminals causing you to get ransomware or other malware.

If you’re looking for additional information, the Department of Homeland Security (DHS) offers useful and practical information online (StopThinkConnect.org). Another good resource is the National Cyber Security Alliance at: www.StaySafeOnline.org. Also, If you are a victim of cybercrime or get suspicious phishing emails, report them to the FBI Internet Crime Complaint Center at: www.IC3.gov and the FTC’s IdentityTheft.gov (https://www.identitytheft.gov) center. The site posts alerts on data breaches and emerging internet crime schemes.

By taking some simple steps, remembering that there’s no such thing as a free lunch and relying on your common sense can keep you safe on-line during the holiday season.