When some big event like the World Cup, Olympic Games, or the Superbowl is close at hand, the cyber criminals are more active. This also applies to holidays, especially the ones where you spend lots of money. “Cyber Monday”, the Monday following Black Friday, is a huge day for online retailers, and the scammers and crooks have taken notice.  This trend is increasing rapidly; IT Security Guru reports just this past Black Friday/Cyber Monday, attempted fraud was up 22% over the non-holiday average.

I spend my day job working with people whose job it is to protect our financial system from criminals and cyber intrusion, I thought I’d share some ways you can help protect yourself from those who would wreck your holidays, or worse.

Getting Started

First, change your passwords, especially those that have anything, however remotely, to do with your bank account and credit cards. Use a different one for each account. That way if one gets compromised, hackers can’t gain access beyond that account. Some people use software that stores passwords for you so you don’t have to remember them all, but I dislike the idea. Software is just too permeable, too easy to compromise; if they hack your password safe, they’ve got everything. By the way, I tend not to trust browsers offering to store your password when you log into some site. If your computer is at home, it’s better (in the absence of a really good memory) to just store all those passwords written down and kept someplace safe.

Revisit your privacy settings on any social media networks you use, and make sure you both understand them, (not always an easy thing) and have them set to your satisfaction. While you’re at it, put some tape over your laptop’s camera. Check your browser to see if they offer a “do not track” option, and turn it on. Turn on your pop-up blocker.

It’s probably a good idea to sign up for free scam alerts from the Federal Trade Commission at ftc.gov/scams, which track spear-phishing scams, charity fraud, credit report scams and more. You can also sign up for fraud alerts on your credit cards. 

Confirm that you have the latest version of your operating system, including all the security updates. Always, always run those system updates, no matter how annoying; most of them involve security improvements and patches of some kind. If you have anti-virus software check to make sure you have the latest version. This might also be a good time to look into purchasing a service contract with whomever sold you your computer or phone. Get one that includes data recovery services.

While not as popular as it was last year, ransomware remains a serious threat that will encrypt and lock up your files until you pay the scammers for the decryption key. A good countermeasure against this is to have current backup copies of all your files. That way you just restore everything and move on. 

Avoid shopping online via public networks, most of which are not at all secure. There are ways to do this safely, but it involves configuring your computer or phone to use a virtual private network (VPN) or other more elaborate countermeasures that most people don’t have the expertise to do on their own. It’s easier to avoid sharing any private data on public wifi networks. Incidentally, check with your local ISP to see if they have any tips for securing your home internet service.

Email and Browser Attacks

Despite all the technical wizardry displayed by today’s cyber criminals, the most effective way into someone’s system is the good old fashioned spam email. We’ve moved far beyond the Nigerian Prince email, folks. “Phishing” emails will have subject lines pertaining to the times, something about upcoming holiday sales, offers of extended credit, coupons, or charity donations. One very popular one purports to be from FedEx or Amazon, telling you they have package for you, but need some critical piece of information before they can deliver it. Most spam filters catch these, but a few make it through, so be wary. 

Don’t download attachments unless you are absolutely sure of its source. Even then, it might pay to check. If your private information has been compromised, a clever scammer can make the email look like it came from a friend, co-worker, or even a family member.

Spotting Scam Spam

If you see an offer like this and it seems like it may be legit, here’s a good way to check: there will usually be a URL to click on. Position your pointer over the link, but don’t click on it. Usually browsers have a window where you can see the address of a link you’re hovering over. Look carefully at the address. If it looks in any way different from what you expect, don’t use it. Usually, fake sites pretending to be from a big company like Amazon or Nike or Walmart have addresses that are slightly “off”; the company name is misspelled, or part of a longer address that has nothing to do with the company. If you see anything at all fishy (phishy?). Delete the email.

If you’re still curious, however, use Google to search for the company’s customer service center, and contact them. The same goes for phone numbers in unsolicited emails; look up the company on Google and compare the numbers, or just Google the number in the email; someone has likely reported it already if it’s a scammer.

Incidentally, the same goes for pop-up ads. Be particularly skeptical of pop-ups or emails that impose a short decision window (“Hurry! Offer ends in one hour!”).

Securing Your Money

When you shop online, use a credit card instead of a debit card. Most credit cards have some form of fraud and liability protection. Since the money isn’t taken directly out of your checking account, you have a window of reprieve to stop the transaction.

Also, consider putting a freeze on your credit report. This prevents anyone from pulling your credit score without your permission (this should be the norm anyway, but whatever). Some fraudsters can get enough personal information from their victims that they can open an account in their name, then apply for a credit card, which they proceed to max out, leaving you stuck with the bill. 

I haven’t said much about securing your phone, which is a whole other issue, but there are some good tips for Android and iPhones.

Total cyber safety is never a guarantee (that was a disclaimer, in case you hadn’t noticed), even if you do everything that’s expected. But by following the tips in this post, you can stack the odds in your favor and go on to have an enjoyable holiday season.