Historically, 40 percent of online fraud occurs in the last three months of the year, but experts predict that figure could be even higher this year. According to an estimate from Forrester Research, online holiday sales in the U.S. are expected to be at their highest ever, an estimated $95 billion. With so much credit card and personal information online this time of year, along with the new chip technology now making it harder to steal in-store data, this holiday season shows signs of attracting more online fraud being delivered in increasingly clever ways. There are a number of practices you can do help protect you from these online threats if you know what to look for.
Threat: Fake apps with malware
CNETreports that over the Thanksgiving weekend,Zscaler, an Internet security firm, uncovered a malware campaign encouraging people to download fake apps offering early access to Amazon.com Black Friday and Cyber Monday offers and deals. When the fake Amazon app is installed, it loads another child app that asks for administrative privileges and other risky permissions like sending SMS and dialing phone numbers. Even if you recognize the app as bogus after you download it and you think you have deleted it, the child app will continue to run in the background collecting personal data from your phone.
You can protect yourself from this threat by making it a practice to only download apps from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not ask for access to your contacts or SMS.
Threat: Spoof emails
Last year, wereported that online shoppers were asked to confirm an online order with a click which downloaded malware to your device. This year’s holiday spoofs have become even more sophisticated. Hackers have set up fake websites that look like they are from known companies and then attract us with an email promising great deals. Click the link and you've downloaded malicious software. Some even try to trick you into providing personal information and a credit card number.
There are a number of ways you can handle spoof email which we detail in arecent blog. A quick way to tell if an email is legitimate is to check the “reply to” address carefully for clues to its origin. Also, avoid going to a website from a link in an email or a Facebook post; instead, type the company’s URL into a secure browser and go directly to the site.
Threat: Free Wi-Fi
Be wary of free Wi-Fi. Hackers are enticing holiday shoppers to use their free Wi-Fi in shopping malls where Wi-Fi might be scarce and phone signals weak. You might be tempted to price compare while shopping, however, we recommend that you find a location where you can use your phone’s data plan. Whether in a mall, while traveling, or in a coffee shop, never use an unsecure Wi-Fi connection to check your bank account. What to learn more? We’ve included other ways to protect yourself when using public Wi-Fi in our blog:How to protect your data when using public Wi-Fi.
Threat: A deal that seems too good to be true
Web sites will be doing their part to lure you to their pages with flashing “Sale” signs. Be very wary of doing business with new-to-you companies, especially online. As most online purchases are made with credit cards, if the company is a front for a hacker, you just gave them your data. If you find a “must have” deal that you’re willing to take the risk on, use a credit card (not debit) or Paypal which come with buyer protection.
You should monitor your credit card statements more frequently this time of year. It is common for criminals who have stolen credit card information to test out a card with small purchases to make sure it's valid. Credit cards also offer the option for transaction alerts that will send you a text message for all transactions over a certain amount. Some credit card companies also let you tie the location of your smartphone to your credit card.
Don’t let the cyber-Grinches steal your data and, potentially, your money. Now – and all year round – be informed and use good data security habits. For more information, check out our other blogs for a quick refresher on everyday best security practices.
Related Data Security Blogs