By Julie Goldstein, Cyber-Risk IT Security Analyst, UCOP, adapted from a UC Santa Cruz article. Online holiday shopping continues to grow in popularity. Last year’s Cyber Monday sales reached approximately 3 billion dollars, an increase of 12-16% over 2014’s record-setting sales. Mobile sales, in particular, boomed, accounting for approx 27% of that figure — an increase of at least 50% over 2014. Cyber Monday sales have more than tripled since 2009, and there’s every expectation that the trend will continue. 
At the same time, criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal passwords, trick you into revealing valuable information (personal, financial, etc.), or trick you out of money.
Fortunately, many cyber-threats are avoidable. Keep these six tips in mind to help protect yourself from identity theft and other malicious activity while shopping and browsing online during the holiday season and throughout the year:
- If an offer seems too good to be true, it probably is. Don’t be fooled by the lure of great discounts.
- Watch out for fake package tracking emails and fake e-cards. These often come with malicious links or attachments designed to infect your device or steal your account information.
- Always think twice before clicking on links or opening attachments. Be cautious about all messages you receive, even those that appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank. The messages could be spoofed and be malicious. Use known, trusted URLs instead of clicking on links.
- Never reveal your password.
- Don’t ever give your financial information or personal information via email or text.
- Limit your online shopping to merchants you know and trust. Go to sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
ADDITIONAL WAYS TO PROTECT YOURSELF ONLINE:
- Pay by credit card, not debit card. Credit cards offer protections that may reduce your liability if your information is used improperly. Debit cards typically do not have the same level of protection. Also check your statements regularly.
- Look for “https” before logging in or entering any information online. Make sure web page addresses (URLs) begin with https, not http. The “s” stands for “secure” and indicates that communication with the webpage is encrypted.
- Make sure your browser is current and up-to-date.
- Only use apps from known, reputable sources. Malicious software (“malware”) designed to steal credit card and other sensitive information can be downloaded onto mobile devices from seemingly legitimate shopping apps. Update your apps when notified. Also disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data being intercepted by thieves.
- Don’t respond to pop-ups. If a window pops up promising you cash, bargains, or gift cards in exchange for answering a survey or other questions, close it. Don’t respond. Similarly, don’t respond to popups telling you you need to buy anti-virus software or software to “clean your infected computer”. These are all scams.
- Keep your devices up to date and virus free. Be sure your computer and mobile devices are current with all operating system and application updates. Anti-virus/anti-malware software should be installed, running, and receiving automatic updates.
- Don’t auto-save your personal information or passwords. When purchasing online, you may be given the option to save your personal information or password online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the amount of time you would spend trying to repair the loss of your stolen personal information or passwords.
- Don’t use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your information and passwords. Additionally, criminals may intercept traffic on public wireless networks to steal credit card numbers and other sensitive information. Set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure hot spot.
- Secure your home Wi-Fi. To prevent eavesdroppers and data thieves, enable strong encryption on your home wireless network – WPA2 is recommended. Make sure you control who has administrative access to your home network, and that all users are required to sign in with a strong password before connecting.
- Be alert for charity donation scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests as a means to gain access to your information or computer/device. Don’t click on links in emails requesting donations. Contribute by navigating to the trusted address of the charity.
- Secure your computer and mobile devices with a complex password. Don’t use the password for any other accounts. Set a timeout that locks your device after a period of inactivity, and be sure your devices require a password to start up or resume activity.
- Don’t post pictures of tickets to concerts or sporting events on social media sites. Protect the barcodes on tickets as you would your credit card number. Fraudsters create tickets using barcodes they find on social media sites and resell the tickets.