The holiday shopping season is primetime for hackers who are prepared with their phishing scams and malware to lure unsuspecting shoppers eager for deals via social media and online.
The mega deals being offered for Black Friday and Cyber Monday are often fraught with weak security measures, fake websites or attempts for cybersecurity criminals to obtain more financial data from consumers.
"With Black Friday and Cyber Monday just around the corner, people will be pulling out their wallets more than any other time of year," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company. "But remember, every credit card you open is another bank and/or retailer that now stores your personal and financial information."
Black Friday and Cyber Monday have become "Christmas morning for hackers and cybercriminals," said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management.
The hackers have been gathering data year round on ways to pretend to be consumers and their attempts will be very realistic.
"Of course, not everyone is a criminal and there will be genuine offers, but stop and think before your click that button," he said.
Once the hackers have your credit card data, PIN or password, they are primed to target your other credit card or banking accounts as well as your identity.
"The more places you give a hacker to compromise your information, the more likely you are to become the next victim of fraudulent activity or identity theft," Wenzler said.
The weakest link currently are store credit card because many are lackadaisical with the latest security measures and have not implemented them.
"Not only is the potential for fraud higher, but it may be harder for a consumer to challenge fraudulent charges and eliminate the impact to their credit report or not be held liable for the charges," he said.
Before shoppers agree to open a new account for the holidays to obtain the savings, they should verify that the card and account are protected with EMV chips and determine what the bank or retailer's policies are regarding any potential liability for fraudulent charges.
The fraudsters will also tempt shoppers through endless emails where they can try out their abundance of phishing attempts.
"Take just a moment to stop and think and then carefully read through emails to make sure they don't have any of the obvious signs of being a fake message," Wenzler said. "Never click on links within an email and instead, go directly to the webpage of the organization that the email claims to be from."
Fraudsters take advantage of all the discounts retailers offer and as the deals pile up and start earlier every year, the chaos is "something black hat hackers exploit," said Mary Ann Miller, a senior director and fraud executive advisor for NICE Actimize, a Hoboken, N.J.-based financial crime software solutions provider.
"Watch your statements and check your bank balance, it's easy to do in your mobile," she said. "Be aware of any unsolicited phones calls or text messages that claim to be an alert to alarm you, these are often social engineering fraudsters."
Before you start shopping, this holiday season is a good time to do your annual security checkup for all your devices around the home. Update your security software and check that the firewall and antivirus is working.
Shoppers are often enticed by deals that appear to be too good to be true. If you have not heard of the retailer or distributor, do a quick due diligence check on Google or even on Facebook about the brand or company, Durbin said.
"Use legitimate and recognized sites," he said. "Beware of email 'offers' from companies you do not recognize and even those that you do recognize but shouldn't be emailing you - they'll likely contain a click through link or even an attachment. Don't click through or download the attachment unless you are fully certain that they're genuine."
Apps are another vulnerability for consumers who conduct most of their shopping from their apps. Ensure that the app is secure and comes from the brand or company and is not merely a copycat.
"Make sure you are using trusted apps from reliable sources and that your smart phone has the latest updates for both your app and operating system," said Dan Lohrmann, chief security officer and chief strategist at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.
"Makes sure transactions are encrypted use https or look for the lock symbol on your PC," he added. "Use screen lock with password in case you lose your phone."
Consumers should not fall prey to all the random links out there even though they are extremely convenient, said Joseph Carson, chief security scientist at Thycotic, a Washington D.C.-based provider of privileged account management (PAM) solutions.
"We are a society of clickers and we like to click on things such as hyperlinks," he said. "As always, be cautious of clicking on something which might be malware, ransomware, a remote access tool or something that could steal or access your data. Nearly 30% of people will click on malicious links and we need to be more aware and cautious. Before clicking, stop and think."
TheStreet's "Black Friday and Holiday Shopping Survival Guide" series aims to help you, the consumer and the investor, navigate the holiday season, Black Friday, Cyber Monday and everything in between. Through a number stories, videos, graphics and other multimedia elements TheStreet takes a look at the biggest challenges of the season, the winners and losers from the shifting retail environment and much more.Read More about navigating the holiday season.
More of What's Trending on TheStreet:
- 20 Companies Marching in the Macy's Thanksgiving Day Parade
- Here Are the Lessons 2007 Bull Market's Peak Can Teach Investors
- 10 Best Black Friday Tech Deals From Amazon, Best Buy, Walmart and More
- Black Friday and Holiday Shopping Survival Guide -- TheStreet Special Report