Hackers are already primed with malware and other phishing attacks as consumers embark on a season of holiday shopping with Black Friday and Cyber Monday.
Consumers who are looking for the best deals should counter the cyber criminals by using their smartphone to pay and employing the EMV chip on their credit cards rather than the magnetic stripe to deter the hackers even further.
"Black Friday and Cyber Monday are open season for hackers and cyber criminals," said Steve Durbin, managing director of the Information Security Forum, a London-based non-profit organization which examines cyber, information security and risk management. "They’ve been gathering data all year about how to spoof you and their attempts will be very realistic. Stop and think before your press the button."
Use Apple Pay or Google Wallet
Cyber criminals are already prepped to infect millions of smartphones and laptops with malware and viruses, so shoppers should stick to using Apple Pay, Google Wallet or Samsung Pay as much as possible. A new and one-time use payment number is generated for each transaction on those platforms, said Mark Parker, a senior product manager at iSheriff, a Redwood City, Calif.-based provider of enterprise cloud security solutions.
"Even if the payment transaction is compromised, the one-time payment number for the transaction is useless in another transaction," he said. "Nothing is perfect, but this is one of the most secure methods of retail payment available to consumers today."
Take Advantage of Chip and Pin Cards
Even though using your new chip and pin credit card it not as good as paying with your phone, the new chips offer an added layer of security than the magnetic strips. The EMV chip will generate a transaction code that can not be used again.
"It isn’t full proof, but it does protect you against the common practice of skimming the data from the magnetic strip," he said.
Shoppers who are using a Visa or MasterCard debit card should always opt for the credit option for purchases.
"We have already seen cases where both the PIN numbers and the card numbers were stolen, allowing attackers direct access to download cash from ATMs," Parker said. "By using the credit card function instead of the debit methodology, you decrease the risk of your PIN being compromised."
The best way to thwart hackers is to use a one-time card number that you can obtain from most banks and credit cards issuers. If the retailer is compromised by a hacker, the attacker does not get the consumer’s card and information. The crook only receives a "useless" one-time transaction payment number, he said.
Never opt to use a debit card, because your entire checking account could wind up depleted, and it may take several weeks for your bank to investigate the case and replenish the money, putting you in jeopardy of paying late fees on bills, which can be "financially devastating," Parker said.
Update your security software now before you start making your holiday purchases and make sure both your firewall and antivirus programs are working, said Durbin. Avoid clicking on emails from companies you have never heard of, and don’t download attachments "unless you are 100% certain that they’re genuine," he said.
Changing your passwords often can prevent unauthorized access to your accounts, said Allen Duffin, manager of fraud resolution for PNC Bank, the Pittsburgh-based financial institution.
"Identity thieves may steal user IDs and passwords from one Web site and use them to log into other sites," he said. "If you notice suspicious transactions when reviewing your account statements or online activity, immediately call the number on the back of your card."
Look at the Device
Examine the credit card device, especially if you are paying for gas or getting cash from an ATM since criminals can manipulate the device to capture the payment card information, he said.
"If something looks wrong or there is something a little off about it, trust your instincts," Parker said. "If it looks like the device has been tampered with, better safe than sorry."
Where Hacking Will Occur
An increase in "multi-vector attacks" that are deployed in numerous stages are expected this year as the popularity in online shopping increases, said Parker. Consumers will receive many emails touting "great deals," which will direct users to a malware infected link.
"I am going to go ahead and say that there is at least one large retailer that is going to be impacted by a data breach this holiday season," he said.
An uptick in the number of phishing emails masquerading as emails from banks warning of unusual card activity have already occurred this year. These emails direct people to a Web site that looks similar to the bank’s Web site, but is designed to gain access to the user’s credentials.
"Consumers should never click on an email link from their bank and should visit their bank’s Web site directly by typing in the URL and using the messaging system offered on the banks Web site," he said.
There are numerous Black Friday and Cyber Monday scams to watch out for, including ones involving gift cards, fake ads and coupons, fake eCards and videos, said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.
"Consumers need to watch out and be especially vigilant in cyberspace as we head into the holiday season," he said. "Just as scams and online tricks occur after major global events, such as natural disasters or political announcements, the holiday season is a time when many consumers leave their guards down, while the potential for danger is up."