|
From the desk of Jason Balderama, CISO, County of Marin
As Black Friday, Cyber Monday, and the season for online shopping quickly approaches, it’s worth taking a few moments to ensure you are not giving the gift of your personal or financial information to scammers. Identity theft, social engineering attacks, fraud, and malware infections are serious problems that target shoppers during the holiday season, and can happen when using your devices to find that perfect gift.
Let’s review some tips on how to shop safely and securely online.
|
|
-
Protect your accounts. Use strong and unique passwords on all your accounts and enable Multi-Factor Authentication (MFA) as an added layer of protection. This is especially important on accounts that have financial information such as online banking, credit card, and retirement accounts. If you have several passwords to keep track of, consider using a password manager to help keep your accounts secure. If you use the same password for multiple sites and your password is stolen, a scammer can potentially gain access to all the accounts where that password was used.
-
Check out as a guest. Don’t create extra accounts if you don’t have to. The inconvenience of having to enter your credit card information each time keeps you safer because a data breach at a retailer will not expose your financial information. It also means your payment information is not saved or ready to be used by anyone who gets access to your account.
-
Use only one credit card. By using only one credit card online, you are limiting the damage that can happen if a scammer gains that information. Alternatively, use an online payment system such as PayPal.
-
Use well-known online retailers that have an established reputation for cybersecurity. Verify that the vendors have good contact information listed on their site, and check with the Better Business Bureau or the Federal Trade Commission if you have questions or concerns.
-
Look for the lock symbol at the top of your browser or “https” in your URL bar. When visiting a website, look for the “lock” symbol before entering any personal and/or credit card information. The lock may appear in the URL bar or elsewhere in your browser. Additionally, check that the URL for the website has "HTTPS” in the beginning. These both indicate that the site uses encryption to protect your data.
-
Never shop or login to personal accounts when on public Wi-Fi or a public device. Public Wi-Fi can make all the personal information that you transmit visible to criminals. Public, shared devices, such as kiosks can be infected with malware that will steal your information.
-
Do not leave your browser open on a shopping site for long periods of time. Websites that use advertising feeds have occasionally had them hijacked by scammers, who are then able to install malware on your devices. This malware can steal your personal information or encrypt your device and demand a ransom to return it to your control.
-
Keep your devices up to date. Turn on automatic updates and always apply updates to your devices and software when they are available. Keeping devices up to date means you have applied all the available fixes for known problems and vulnerabilities. This makes you more secure.
-
Be careful which links you click in your emails and text messages. At this time of a year, a favorite trick among scammers is to send emails and text messages pretending to be from the major shipping companies with a link to track your package. They count on the fact that you have ordered many things online and are waiting for a package. Instead of clicking the link, copy and paste the tracking number into the shipping company’s website to track it. Additionally, always head directly to the web site of the company you want to shop with by entering the URL into your browser. Avoid clicking links directing you to log in, as they may send you to a malicious site that looks real, but can steal your information.
-
Do not use your work email address for retail accounts. By using a free email account such as Gmail, it will be much easier to identify a potentially malicious email coming to your work email, since the online retailers should not know your work email address. This can also help prevent scammers from knowing where you work, which is information they can potentially use to try to hack into your work account.
|
|
Copyright © 2024 County of Marin, All rights reserved. |
|
Disclaimer
The information provided by Marin CyberSafe News is intended to increase people’s awareness of cybersecurity and to help them behave in a more secure manner. Links are provided because they have information that may be useful. The County of Marin does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of County of Marin.
|
|
|
|
