The number of hacking incidents are likely to rise as more people shop online through their laptops, tablets and smartphones. Comparing online deals with those offered by the retailers at their brick and mortar locations at malls and shopping centers can also lead to more personal and financial information being stolen by cyber criminals.
Here are 13 tips to ensure your online shopping experience doesn't have hackers looking over your shoulder.
Tips for Safer Online Shopping for the Holidays:
1. Avoid Public WiFi Like the Plague
Don't use it, period, but never ever use it for online shopping, banking or account logins, said Jason Glassberg, co-founder of Casaba Security, a white hat hacking firm headquartered in Redmond, Washington.
2. Don't Reuse Passwords
Every account should have its own unique password. Use a password manager like 1Pass so you don't have to remember them, he said.
"This will enable you to create really long, strong passwords for each account," Glassberg said.
3. Use Multi-Factor Authentication (MFA)
When you use multi-factor authentication, it's best to not rely entirely on text message authentication as your second authenticator, he said.
"Google Authenticator is a great example of a third party MFA that will avoid the risk of SIM jacking," Glassberg said.
4. Use Two Web Browsers
Use one web browser to surf the web and another one to place online orders, Glassberg said.
5. Google Pay for Online Forms
Use a service like Google Pay to auto-fill online forms because this reduces your risk of formjacking where personal data is stolen from online forms, Glassberg said.
6. Don't "Swipe" at the Card Reader
Try to use only EMV systems such as chip-and-PIN since these are more secure, he said.
"If you have to use an older swipe reader, then opt for "credit" instead of "debit" as that way you're not exposing your PIN too," Glassberg said.
7. Check Your Financial Accounts Regularly
Check your bank and credit card accounts at least once a week for any signs of fraud, Glassberg said.
Sign up for bank alerts that can alert you to every transaction over a certain dollar amount.
Every bank and credit card should have it set up where you get a text/push/email alert any time you card is used or there is activity on your bank account, said Alex Hamerstone, GRC practice lead at TrustedSec, a white hat hacking firm headquartered in Strongsville, Ohio.
"My threshold is set to zero so I see all activity instantly," he said. "In a restaurant, I get the alert on my phone even before the server brings my card back."
8. Use a Credit Card, Not a Debit Card
If you are a victim of fraud you don't owe any money to the credit card company. If you use your debit card, you have to file a claim and wait to get your money back, which is not a fun prospect, especially around the holidays, said Hamerstone.
9. Wipe Out Old Data
If you get new electronics this year, change the default settings and wipe your old data before tossing or donating it, he said.
10. Use a Separate Credit Card
Use a separate credit card with a low credit limit for shopping online, said Randy Pargman, senior director of Binary Defense, a cyber threat intelligence firm headquartered in Hudson, Ohio.
"If that card number is stolen and misused by criminals, the damage will be limited," he said.
11. Don't Click on Websites
Cybercriminals are trained in the art of using social engineering to lure unsuspecting victims to click on a simple, seemingly harmless link, said Joseph Carson, chief security scientist at Thycotic, a Washington D.C.-based provider of privileged access management (PAM) solutions.
"Cybercriminals take advantage of victims when they are most vulnerable and this is especially true when making impulse decisions when shopping online," he said.
The links could be an extremely malicious malware waiting to take over your account, steal your money or even worse steal your identity.
"Cybercriminals use fear, time and money to lure victims to making them do something they wish they had not," Carson said.
12. Avoid Limited Bargains and Deals
If the deal sounds too good to be true, then there is likely a catch.
Criminals use fear to grab the attention of consumers such as a "once in a lifetime" sale or a deal that ends in the next 24 hours.
"You expect that you will get these limited specials, however, the cybercriminals are simply trying to abuse your vulnerable trust," Carson said. "Cybercriminals will sift through tons of social media information to search what you are looking for and offer you the best deal in the world simply just to steal your password to your accounts."
Beware of email offers from companies you don't recognize and even those that you do know but shouldn't be emailing you because they will likely contain a malicious click through link or even an attachment, said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. "Don't click through or download the attachment unless you are completely certain that they are legitimate."
13. Update Your Security Software
Now is a good time to update your security software on all your electronics, including your desktop, laptop, tablet and smartphone.
"When shopping online, especially at a busy time like the holidays, be sure to update your security software and check that your firewall and antivirus is working," Durbin said. "Always use genuine and familiar sites. If you don't know them, check them out via Google or your favorite search engine."