These steps will help you stay safe while shopping in the stores or online.
Someday soon, you will be able to snooze off the third helping of turkey on your couch while drones bring you presents you ordered by nodding your head at your wrist phone.
Until then, you may need to sit up and pay attention to a few security tips—to make sure the only person draining your account this holiday shopping season is you.
Since ‘we the people’ are about to spend more than $600 billion starting this week, criminals are ready to put you on their shopping list.
Watch out for Wi-Fi
Stay away from public Wi-Fi when you’re shopping in stores, says cybersecurity company Skycure.
Why? Many stores set up their Wi-Fi wrong so that the bad guys can sit there with a laptop and suck up your info, according to Skycure.
“The most popular data to steal is user names and passwords,” Skycure’s holiday advisory report said. “With those, a hacker can break into your cloud accounts, corporate email and other systems, long after your visit to the mall.”
Better yet, the crooks can set up their own Wi-Fi network as a trap. They’ll call it “Macysfreewifi,” or “Apple Store,” and wait for you to connect.
“Even a short exposure to a malicious network may give hackers enough information to later access bank accounts, social media accounts and corporate accounts,” the Skycure report said.
Top ten shopping malls with the riskiest Wi-Fi networks, according to Skycure.
What you can do:
—Use only secure Wi-Fi. Don’t use free public Wi-Fi for payments unless you also use a VPN, a virtual private network that offers protection.
—Check your phone to see if it is set to automatically join Wi-Fi networks. You can change the setting so it only connects when you want it to.
—Check to see if the store shown in the Wi-Fi network name is actually nearby. The Skycure report found Wi-Fi networks named “Macysfreewifi” and “Apple Store” at places with no Macy’s or Apple stores.
—Check the address on Skycure’s map to see if there are risky Wi-Fi networks at your mall or shopping area.
—Add multi-factor authentication to your shopping accounts so you will be notified if someone tries to sneak in with just a stolen password.
Skycure map shows risky Wi-Fi networks at the Mall of America in Minnesota.
Fake package warning
You ordered something from Amazon. Now you’ve received an e-mail from Amazon saying there’s an issue with your shipment. You click to make sure your gift arrives problem-free.
But this year, fake shipping notices from Amazon are coming to your inbox.
The e-mail says you won’t be able to access your Amazon account until you confirm your info, according to the site Get Safe Online.
Click, and you go to a site that looks very much like the real Amazon site.
You enter your details, and then you get kicked out to the actual Amazon site, unaware that you have just been ripped off. In addition, bad guys could load malware onto your device to continue the rip-off for months or years.
This is one of many shipping scams you may see this year. The same crooks who used to try to pull the Nigeria scam on you, asking for your help to transfer millions of dollars out of the country, have turned their energies to this kind of trickery, among other e-mail hoaxes.
Fake “amazon” survey tries to trick you into clicking on link & providing your info.
What you can do:
—If an e-mail asks you to click on a link or open an attachment to update your details or resolve a problem with your account, be suspicious, Get Safe Online said.
—Don’t click or download as instructed. Instead, go to the real site or app on your own.
—Check to see if the payment page is secure by looking at the address line. Does it say “http,” or “https”? Make sure it says “https” and has a green padlock.
—Check your bank or credit card statements regularly and closely. Christmastime criminals will try to slip in a number of smaller charges, hoping you will not notice in the flurry of holiday activity.
Make sure the address line reads “https”—as seen in this image of Amazon’s site—so your payment will be more secure.
Fake apps
You want a bargain. Here’s an app to get it. Download now?
Cyber Grinches hope you will install one of their coupon, discount or shopping apps this year.
Sometimes they will take a popular app and repackage it with a bit of malicious code, Skycure said.
Researchers found a fake Starbucks app that looked like the real thing. Another cyber crook made a malicious app called Amazon Rewards. Some of the apps will steal your data or spy on you through your camera or microphone.
“By promising ‘rewards,’ people are more likely to download this, even though it will not appear on the official app stores, because the desire to save money this time of year is at its highest,” Skycure said.
Cyber crooks made a fake Starbucks app that looked just like the real one, but with malicious code.
What you can do:
—Only download apps from official app stores.
—Read the warnings on your device and don’t click “continue” if you don’t understand the exposure, Skycure said.
—Keep your phone software up-to-date.
—Disconnect from the network if your phone acts strangely—like crashing a lot—or you get a warning notification.
Fake sites
Watch out for fake Black Friday sites, warned cybersecurity company Kaspersky.
These sham sites offer big bargains on name-brand products, like designer handbags, but are really out to steal your credit card and other information.
Other fake sites promise gift cards and discounts, like a $200 Amazon coupon. Enter your info to get the coupon, and you may have given away your credit card number and account password.
Fake Michael Kors site, according to Kasperksy Lab. Image from Kaspersky Lab.
What you can do:
—Be suspicious of sites with very low prices for popular items.
—Take a look at the address for the site. Is it very close to the real brand name, but just a letter or word off? Do a separate search for the real site.
List of real organizations & the fake domains scammers use to impersonate them. Image from Palo Alto Networks Unit 42 SilverTerrier report.
—If you get an e-mail with a link in it, you can hold your cursor over the link to see the real URL in the lower corner of your browser.
—Use a credit card or a pre-paid debit card instead of a debit card to limit your losses if you get stung.
—Check to see if your bank or credit card will send you a text message or e-mail notifying you after each transaction. That way you can spot fraud instantly.
With these steps, you can enjoy Black Friday and Cyber Monday without becoming a part of “Hacker Tuesday,” the day when cyber crooks may start selling off the goodies they stole during the busiest shopping days of the year.