Over the past few years, as online shopping has taken hold as the most important channel for holiday shopping, retailers and other merchants have been posting deals earlier and earlier. Now the holiday season is upon us, and we are excited about shopping for our friends, loved ones and yes, for ourselves too. Who has the best deals? Will my gifts get there in time? Getting the best deals means going online from store to store, comparing prices and populating shopping carts. But wait! We just saw a better price, a better deal somewhere else.
All this crazy activity is not lost on the bad guys, who are waiting to take advantage of the cyber frenzy. New accounts are being created, and people are going back to sites they have not visited in a long time, leading to forgotten password requests and help desk calls. All these motions open up opportunities for cyber attackers to inject themselves into your holiday plans.
So how do you make sure they don’t put a damper on your holiday joy?
Leading cybersecurity experts agree that more than 80 percent of cyber incidents start with identity-based attacks, such as password theft or man-in-the-middle attacks that grab push notifications or one-time passcodes to take over your accounts.
This blog explores the six most prevalent holiday season cybersecurity attacks and addresses the best ways to avoid them.
Top 7 Holiday Season Cybersecurity Threats
- Phishing emails from fake web stores that look very real. It is important to examine the sender’s email domain. Does it match the store’s? Also be on the lookout for obvious typos in the content.
- Malicious browser plug-ins that are actually malware working to steal credit card payment information from the shopping cart. Some anti-malware software can help you with that. Using secure browsers like DuckDuckGo can help protect you.
- Very realistic replicas of online stores that collect your payment information, but never ship you any product.
- Black Friday and Cyber Monday scams – completely fake online storefronts that are new and unfamiliar are launched at this time. The sale prices are so unbelievably good that you just have to click on them.
- Donation sites to help others. Holiday time is also when people feel like helping others, and there are a multitude of scam donation sites that end up with thieves helping themselves to your money.
- Public open Wi-Fi networks: thieves may scan public Wi-Fi networks to steal unencrypted credit card or login information.
How to Stay Safe Online this Holiday Shopping Season?
The experts remind us that there are a number of steps that we can take to protect ourselves from cyber heists during the holiday shopping season. Here are some steps that you can take to protect yourself and your family and ensure that the season is full of joy:
- Strengthen Your Passwords and Authentication – consider going passwordless. Avoid using easy-to-guess information like birthdays or simple number sequences. Try not to re-use passwords across multiple accounts. Attackers try to use stolen password lists on other common sites to gain access to some of your other accounts. Multi-factor authentication requires the user to provide something more than just a password to log in. While the use of password managers can help, using an authentication app on your mobile phone can be effective as well. The most effective method to avoid phishing attacks is to use a device-bound FIDO Authentication Key available from several suppliers.
- Secure Your Connection – connecting to Wi-Fi in your favorite coffee shop or the airport is a convenient way to check your email, download a file or get work done. It is better not to conduct purchase transactions on such networks. Consider using a VPN to leverage encrypted connections to all websites so that thieves cannot steal your credit card information and any other personal data.
- Look for telltale signs that the store site is secure – the best advice is to only shop on websites with “https://” and a padlock icon in the address bar. This means that there are additional security protocols at work between your browser and the website that are protecting you. Here too, spelling errors can be a giveaway that the site is fake. Use official retailer apps or direct website links instead of clicking through email links.
- Email and Communication Safety – it is best to be skeptical of unsolicited emails with deals that seem too good to be true. Never click on links or download attachments from unknown senders and, as in the previous points, watch for red flags like poor grammar, urgent language, or emails that do not correspond to the retailer’s domain name.
- Smart Shopping Practices – step one: shop from trusted, well-known retailers that have customer reviews, and check seller ratings. Consider whether the offer is too good to be true. Also save all digital or physical receipts for all transactions.
In addition to the above, experts recommend keeping your laptops and mobile devices updated to the latest versions of operating system software. It can be convenient to enable automatic updates for a more “set and forget” mode.
Lastly, when asked what one thing people can focus on to protect themselves from cyber-attacks, experts responded that identity-based attacks are the number one threat. Using only a username and password for authentication carries the highest risk. The best way to address that is to adopt Multi-Factor Authentication (MFA).
Not all forms of MFA are created equal. Commonly used forms of authentication include mobile phone-based authenticators, One Time Passcode (OTP) Tokens and Smart Cards. A new paradigm has evolved that enables Passwordless Authentication using a protocol known as FIDO (Fast Identity Online) which uses Passkeys to replace passwords. The most effective security is provided by FIDO hardware security keys, usually with a USB or NFC interface, which contain non-phishable device-bound passkeys and cannot be tampered with.
While FIDO keys might be new to you, they’ve been around for a while – FEITIAN’s first FIDO U2F key was launched back in 2015. Since then, they’ve been adopted by organizations large and small enabling customers to choose more secure login protection. FIDO Keys can be used to protect your email (Apple, Google, Microsoft and others), bank accounts (Bank of America and others), as well as online retailers including Amazon. For more information on FIDO Security Keys provided by FEITIAN Technologies, please visit our website https://ftsafe.us
Looking to protect yourself with a FIDO key? Check out our keys at https://shop.ftsafe.us.