Friday, November 18, 2016

It’s Phishing Season: How to Protect Yourself on Black Friday and Beyond

Two-women-browsing-a-smartphone-drinking-wineBlack Friday is just around the corner—which means the holiday shopping season is about to get into full swing.
But crazy-long lines and fights over the last Star Wars Lego set aren’t the only headaches consumers might face come November 25.
That’s because Black Friday falls within prime cyber crime season, according to a new report from cyber security company Kaspersky Lab. In anticipation of the online-shopping deluge, digital crooks time their phishing emails, malicious links and other online attacks and scams to Black Friday, Cyber Monday and through the rest of the holiday season. By stealing your personal financial info from your computer or smartphone, they then can steal your cash—or even your identity.
The report reveals that for the past few years, the number of online attacks during this high sales season has been nine percentage points higher than the average number of attacks that happen during the other months of the year. That same jump is expected during the 2016 pre-holiday sales season as well.
What are the biggest cyber crime threats? Phishing emails are one of the most obvious. These emails are designed to look like they were sent from a legit company, such as your own bank or an online retailer you visit frequently. They’ll ask for your PIN number or other financial info for some made-up reason, such as to confirm a purchase.
Phishing pages are endemic as well, according to the Kaspersky Lab report. These are fake websites that mimic the appearance of a known retailer’s site. When you unknowingly “buy” something and enter your credit card information to check out, your data goes to a crook.
Those innocent-looking links you receive via social media or email that lead you to great deals? That could be a cyber thief at work, too. Click the link and malware is unleashed on your phone or computer that hunts down and steals financial data from your online banking or other accounts.
Making all of this easier for cyber criminals is the fact that so many of us bank and shop via smartphone these days: By the end of 2017, an estimated 60% of all e-commerce is expected to be done from a smartphone, according to the report. Thieves look for ways to break into insecure Wi-Fi networks and poach personal data.
But let’s face it: Online and mobile shopping isn’t going away, so how can you keep your info out of the hands of criminals while still checking things off your gift list? Keep these smart tactics in mind:
Never click on a suspicious link. That goes for whether or not you know the sender. After all, he or she may have been hacked, and the link might unleash malware that steals your data.
Only shop on a retailer’s actual URL. Check the address of wherever you’re doing your shopping to make sure you’re on the website of the actual company—not a similar-looking one created to mimic the site by thieves who hope you won’t notice.
Make sure the site is secure. An easy way to tell is whether the URL starts with “https.”
Switch your phone to cellular data if you’re shopping on the go. Yes, you might have to eat into some of your data plan, but that’s better than having your financial information stolen because you’re on public Wi-Fi. Even better, install a VPN system on your mobile devices, which encrypts your data.
Use complex, unique passwords for each online retailer. It’s also safer to change them every three to four months. Sure, it’s a pain to keep track of them all, but hey, that’s what password manager tools are for.
Never give a shopping site more info than is needed. If a retailer asks for your social security number or birthday, consider it a warning sign that something’s not right.