Black Friday and Cyber Monday will offer attractive discounts for shoppers; they also will raise the threat level for consumers as bad actors try to steal personal, private information.
If you’re the chief information security officer (CISO) of your own home, you need to prepare your family for the holiday shopping season whether they’re shopping in stores or online. The best way to do that is by taking the security awareness training you’ve had on the job to the home front.
Here are a few security reminders to keep shoppers security-aware.
Beware of phishing attempts. Although this is something you should be vigilant about year-round, during the holiday season, you may see an increase in phishing attacks.
If you don’t know who sent you the email, don’t open it. If you do know where the email came from, but it seems a little strange, exercise caution. Ask yourself a few questions: do I typically communicate with this person via email? If so, would he email me at this time of day? And if you’re still in doubt – call him!
Don’t click on links in unsolicited emails. Period.
Never reveal confidential information in an email. Rest assured that no reputable organization is going to ask you to send your credit card information or your bank account number to them via email. If you get a message that looks like it’s from your bank or the government asking you to send them payment data or other information like passwords or social security numbers, it’s fraudulent.
If a deal sounds too good to be true, it probably is. Trust your instinct. If something strikes you as the deal of the century and you see no way that the vendor is making any money on it – it’s probably a scam.
Use a secure payment method. If you’re shopping in person, make sure the store is using payment systems that accept chip cards or mobile payment options versus only using magnetic stripes.
Identity fraud is growing. According to a study released earlier this year from Javelin Strategy and Research, identity thieves stole $16.8 billion from U.S. consumers during 2017. The study also showed online shopping fraud (card not present fraud) is 81 percent more likely than point of sale fraud as the use of chip cards and EMV® (Europay, Mastercard and Visa) payment grew in the U.S.
Look for signs of security. Before entering any personal or login information on a website, check to see if the URL in the address bar of your web browser starts with “https://”. The “s” indicates an encrypted communication between you (your browser) and the website. A closed padlock also indicates a secure transaction.
Use multi-factor authentication wherever you can when shopping online. Many online stores will ask you to create an account with them as you check out. If you do (rather than check out as a guest), make sure the password you create is strong. Better still, use multi-factor authentication if it’s offered. And even though you’re encouraged to save your payment information on the site, the convenience of doing so may not be worth the risk if you’re not a frequent shopper of the site.
Don’t use public Wi-Fi. You may be tempted to use open Wi-Fi networks to shop online. Whether it’s online impulse shopping or simply using in-store Wi-Fi to save time, don’t trust your address, credit card information and anything else personal to public Wi-Fi.
The holiday season is a time of thanksgiving and celebration. Don’t let a security breach ruin the holidays for your family. Put on your CISO armor and train your family to be security-aware as they battle the cyber criminals on the home front.
For more information about phishing and security awareness training:
Learn How to Improve your Defense Against Phishing Attacks
Fighting Phishing – 2020 Foresight, Gartner (Peter Firstbrook, Neil Wynne, 19 July 2018)