Between the frantic search for last-minute gifts and the desire to donate to worthy causes, people tend to open their wallets more around the holidays than at any other time of year. Unfortunately, hackers are more than happy to take advantage of your generosity and urgency to make a quick buck.
That’s why all around the country, ordinary people are being targeted by more holiday scams each year. Here’s the good news: With a little awareness and common sense, you can protect yourself, your employees, and your business without becoming a Scrooge.
To spread that message, our founder and CEO Tush Nikollaj recently appeared on ABC News10 to share practical tips on how to stay safe.
Here are ten of the best ways to protect yourself:
1. Only Buy From Trusted Retailers (and Verify Their Identities)
Over the last few years, scammers have been flooding the Internet with seemingly real online storefronts every holiday season. Some of them just take payments for items that never arrive or sell real goods with inflated prices and hidden fees. Others are more sinister, using transactions as an opportunity to collect personal information they could sell or use for a later attack.
Many of these fake storefronts sit on a web address that is a slight misspelling of a real retailer’s. In the cybersecurity world, we call this “typosquatting.” To avoid falling for it, don’t click links in ads or emails – instead, go directly to the company’s website. Also, make sure to double-check the URL of any site where you plan to log in, buy something, or share information of any kind. If it’s any different from what you expect, turn away.
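For anyone who wants to automate that URL double-check, here is an added example (not part of the original article) that compares a link's hostname against a short list of retailers you trust and flags near-miss spellings. The retailer names and the distance threshold are hypothetical, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of retailers you actually shop with (constructed names).
TRUSTED = {"northwind-gifts.example", "harbor-toys.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def check_url(url: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    if not host:
        return "unknown"
    # Exact match, or a genuine subdomain of a trusted domain.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    labels = host.split(".")
    for good in sorted(trusted):
        n = good.count(".") + 1
        candidate = ".".join(labels[-n:])  # same number of labels as the trusted name
        # Near-miss spelling: a swapped, missing or extra letter.
        if edit_distance(candidate, good) <= max_dist:
            return "lookalike:" + good
        # Trusted name pasted in front of somebody else's domain.
        if host.startswith(good + ".") or good.split(".")[0] in labels[:-n]:
            return "lookalike:" + good
    return "unknown"
```

An "unknown" result only means the site is not on your list and does not resemble anything on it; it says nothing about whether the site is safe.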
2. Be Cautious of Deals That Look Too Good to Be True
You’ve heard the adage: “If it seems too good to be true, it probably is.” It’s more accurate online than almost anywhere else – especially when it comes to online shopping.
Avoiding these scams is mostly about using your intuition and common sense, but it also helps to avoid clicking on any links to deals.
3. Don’t Click Links From Emails
A link is one of the easiest ways for scammers to get you onto their duplicate version of a real site. Instead, navigate to the site you’re looking for through a search engine or by inputting the URL directly.
4. Don’t Let Retailers Save Your Credit Card
When you make a purchase online, many retailers offer to save your card information for convenience. Resist the temptation.
These retailers aren’t malicious (usually), but they’re not necessarily secure either. If you let an online store save your payment information, it could be exposed if they get breached.
Instead, use a digital wallet like Apple Pay or Google Pay, which have top-tier encryption to keep your payment information safe.
5. Double-Check Delivery Notifications
Shipment tracking makes two things easier during the holidays: Gifting and grifting.
This scam can trick even the most careful people because it looks so realistic, and because shippers sometimes genuinely do need you to verify your shipping info. If you get a delivery message, don’t respond or follow a link. Instead, navigate to the carrier’s website on your own to check on your package.
6. Use Strong Passwords
Like most people, you’ve probably heard for years that a strong password is crucial for cybersecurity – and like most people, you’ve probably been ignoring that advice.
It’s not that you’re lazy. The problem is that most password guidelines just aren’t practical. Random strings of characters and numbers are hard to guess, but they’re even harder to remember, so people don’t end up using them. Instead, they tend to reuse the same set of 3-5 passwords for everything.
This can dramatically compromise your security. Most holiday account takeovers are possible because hackers stole or guessed a password – especially when people reuse the same password on multiple accounts.
Here are two alternatives that can help you stay safe and stop losing your passwords:
Use A Password Manager
A password manager like Bitwarden or LastPass is hands-down the best way to protect your passwords. Not only does it protect your passwords, it’ll also keep track of them and make them easy for you (and nobody else) to use.
Password managers are one of the few cybersecurity measures that actually make your life easier. We can’t recommend them highly enough.
Use Random Words For Your Passwords
Want a strong, hard-to-guess password you can actually remember? Here’s a trick: Just string together 4-6 random common words. While you’re certain to forget a password like uXj8!9eKP=l in minutes, something like correct horse battery staple tends to stick in your mind. (Especially if you say it out loud a few times.)
Not only are they easy to remember, random words are actually more secure than random characters. We recommend them for any situation where a password manager won’t do.
7. Use Multi-Factor Authentication (MFA) Everywhere You Can
Multi-factor authentication (MFA), also known as 2-factor authentication (2FA), is a crucial stopgap that protects you if your password is stolen. When you log into an account on one device, MFA asks you to confirm if that login was valid through another. That makes it hard for hackers to breach your computer unless they also have access to your phone, and vice versa.
Stolen-password attacks are the most common type of holiday scam, and MFA stops 95% of them. While it can be annoying to use, it’s far more convenient than the alternative: Disputing fraudulent charges with your bank.
Disable Text Message Forwarding on Your iPhone
Apple has a very useful feature called text forwarding that lets you sync text messages between your devices. Unfortunately, it also nullifies the benefits of MFA by letting hackers see confirmation codes on the same device they’re trying to access.
Unless you have a specific need for this feature, we recommend disabling it.
8. Monitor Your Financial Accounts Daily
Banks are on the lookout for large fraudulent charges, so clever hackers like to test the waters with incremental charges to see what they can get away with. Spotting and disputing them can prevent major losses.
That’s why it’s a great idea to monitor your bank and credit card activity daily and promptly dispute any charges you don’t recognize.
9. Don’t Shop on Public Wi-Fi
Public Wi-Fi is exactly that: Public. Hackers can easily intercept your connection and grab your credit card info, passwords, and home address.
No matter how urgent your last-minute gift order might be, do your wallet a favor: Don’t buy it over public Wi-Fi. Don’t log into sensitive accounts there, and don’t share any information you wouldn’t shout in the street.
10. Verify Before Donating
In the spirit of generosity, many people donate to charities and other nonprofits during the holidays. Unfortunately, hackers are happy to take advantage of your goodwill. Some of them impersonate real charities just like they do with retailers. Others go even further and invent an entirely fake charity.
When you’re donating to a well-known charity like United Way, follow the same steps you would with a business to make sure you’re in the right place. Small or local organizations like Capital Roots are easier to fake, so do a little research before donating to make sure they’re real, reputable organizations.
Get Help Protecting Yourself From Holiday Scams
Holiday scams are getting sophisticated enough to fool even the sharpest person on a bad day – but they’re still avoidable with the right training. A cybersecurity awareness training program can teach your employees the skills, vigilance, and common sense to keep themselves – and your business – safe during the holidays.
Need help avoiding holiday scams? Don’t hesitate to contact us. We’d be happy to assess your security status and show your employees how they can keep your company safe.


