11 December 2025

'Tis The Season To Shop Cyber Smart: Holiday Risks To Organizations And Employees

K2 Integrity

Contributor

K2 Integrity partners with governments, companies, and individuals to address critical, high-stakes issues. From financial crime and investment security to internal audit, white-collar investigations, construction risk management, and cyber and AI resilience, we deliver solutions that foster trust, transparency, and economic security in an increasingly complex world.

During the holiday season, online shopping sites advertise big sales to draw consumers onto their sites. Distracted by low prices and expedited shipping times, shoppers often forget to take a moment to think about security. Knowing this, criminals design scams to exploit people's generosity, creating realistic-looking websites and advertisements that appear to be legitimate but in reality are fraudulent or designed to steal information.

And as many workers shop while on devices connected to an organization's network—making the company's confidential data vulnerable—it's important for organizations to educate their employees on how to shop securely.

Shopping Securely Online

Shopping online may be easy and convenient, but online shopping scams are one of the most reported types of fraud. During the holiday season, holiday-themed websites are launched by criminals to draw people in and steal information or money or even track browsing history—setting up unsuspecting shoppers for future phishing emails and scams.

Whether they are using a work-issued laptop or a personal device accessing the organization's network, it's important that employees remain aware of cyber safety so that they can protect both their own and the company's information. Organizations can encourage employees to take these important steps while shopping during the holidays and throughout the year:

  • Keep in mind that if an item appears "too good to be true" it usually is. Criminals advertise major discounts and use high-pressure tactics to draw victims to their site. The products are cheap—often because they are counterfeit or even nonexistent.
  • Use familiar, trusted sites and apps for holiday purchases. Legitimate merchants offer details about the product, include user reviews, and explain the site's customer service and return policies in language free from spelling and grammar mistakes. Apps should only be installed from official app stores.
  • Only give information that websites and apps require for the purchase. The more information someone gives about themselves, the more information is available to data brokers and even criminals—and later can be used for advertising or even targeted scams.
  • Don't click on links from unknown senders or on advertisements in social media or search engines. "Sponsored" or "ad" results could be scams; clicking on such links could download malware or result in a stolen password. Even if a link is sent from a trusted contact, their account may have been compromised, and a criminal could be using that account to send malicious links. Instead, navigate to the website or app to view deals and coupons.
  • Pay attention to tracking information. Criminals prey on consumers' frequent purchases by creating fake shipping alerts. Do not respond to texts or emails that ask for a link to be clicked or a number to be called to confirm a delivery. Instead, go to the shopping website or app to check delivery dates and purchase information.
  • Use a credit card for online purchases, not a debit card. Money is deducted directly from a bank account with a debit card purchase, making recovering money lost to a scam more difficult. Having one credit card dedicated to online shopping makes it easier to manage and monitor purchases. Secure and well-known payment services, such as PayPal, can also limit financial exposure if a site or app is fraudulent.
  • Be wary of cryptocurrency transactions. Criminals take advantage of many people's lack of knowledge about cryptocurrency and may ask an unsuspecting shopper to purchase products using cryptocurrency. Keep in mind that cryptocurrency transactions are irreversible—there is no recourse in the event of fraud, theft, or user error. If a seller requires payment in cryptocurrency, take the time to confirm the transaction before sending, or purchase the item on a reputable website that accepts credit cards and payment services.
  • Be wary of typing personal or financial information into a chat box. A website's security does not necessarily extend to its chat function. An unsecure chat box could allow hackers to steal names, addresses, passwords, and credit card numbers. Criminals could also eavesdrop or convince a customer to install a malicious program. If prompted to enter personal information or to download an app while in a chat box, take a moment to determine if the site is secure and if the requested information is needed. Consider a phone call or other means to provide that information.

Additional Safety Measures

By educating employees on how to keep accounts and devices secure throughout the year, risks to the organization and employees can be reduced.

  • Confirm computers, mobile devices, and other devices have the most recent software updates. This important step provides an extra layer of defense against viruses and malware.
  • Protect accounts with long, unique passwords and multi-factor authentication. For all accounts, it is recommended to create a long, unique password that contains at least five unrelated words and to use an MFA app for additional verification. Store passwords in a password manager.
  • Only shop when connected to trusted networks. Criminals can create a malicious Wi-Fi network in just a few minutes and use it to spy on transactions. Even if a Wi-Fi network appears legitimate, make it a practice to never shop when connected to free or public Wi-Fi.
  • Practice caution when scanning a QR code. Cyber criminals can manipulate a QR code as easily as they can manipulate an email. Do not download an app or type passwords into a webpage that was accessed through a QR code.

By emphasizing that digital security is as important as physical security during the holiday season, and including online shopping scams in cybersecurity awareness training, organizations can ensure their employees and their data are protected.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
