American shoppers are set to participate in what’s expected to be the largest Cyber Monday shopping frenzy yet next week, surpassing last year’s record sales of $ 3 billion — and fraudsters are ready to cash in on it.
Consumers hitting the web for Black Friday or Cyber Monday deals are at a high risk of identity theft and hacking, with thousands of unsafe and malicious websites posing as vendors, according to a study of five leading e-commerce retail brands from cybersecurity company RiskIQ. There were over 1,100 malicious websites posing as those five brand names that also had references to Black Friday or Cyber Monday to lure customers into scams, and 1 in 10 mobile apps found under a “Black Friday” search in app stores were unsafe to use.
With attacks becoming more pervasive and sophisticated, consumers have to be cautious when looking for deals online over the next week. Here are five ways to protect yourself while shopping online, so you can take advantage of deals — without being taken advantage of by hackers.
1. Create unique usernames and passwords
If you are able to remember your password, it’s probably not a great one. Security experts suggest using complex passwords that include a variety of numbers and characters, or long strings of random words. The majority of internet users have dozens of accounts, making it difficult to remember every password. To keep track, use a password manager like LastPass or 1Password, or go the old school route and write passwords down on paper to be stored in a safe place.
Most consumers know by now that using the same password for every site is poor privacy practice, but many overlook the importance of username security, said Shaun Murphy, CEO of online security-focused social platform SNDR. “To keep your online history private from criminals, create a unique username for each website on which you shop. For example, YourName+StoreName is a better username than your name plus a few numbers.”
Consumers who choose to use a password manager should be sure to keep the master password in a safe place. Password managers aren’t impervious to hackers (LastPass announced a hack in 2015) so be sure to change all passwords regularly.
2. Monitor your bank account
This time of year, consumers are often making an unusually high number of purchases, so they should be extra vigilant to make sure account activity is legitimate. “A lot of theft that occurs goes unnoticed, and once it is noticed often the goods and services have been delivered,” said Marc Boroditsky, vice president at security app Authy. He suggests turning on notifications to be alerted when purchases are made. “That kind of visibility gives me confidence I can confirm there is not fraud on my account and allows me to participate in the process.”
Many banking apps allow users to set mobile notifications for all account activity. Some vendor sites like Amazon AMZN, +2.15% also offer the option to receive text message notifications when purchases are made, and the ability to receive status updates on shipments. The influx of alerts may be a nuisance at any other time of the year, but are worth the distraction around the holiday spending season.
3. Be aware of links
Thousands of malicious mobile apps and misleading landing pages put users at risk of being hacked, according to the RiskIQ study. When shopping online, make sure you are shopping on a store’s actual website before inputting any personal information or a credit card number. Bad web design is a major red flag for scam webpages. Users should make sure the URL is correct and begins with “HTTPS,” or has a lock symbol next to the web address, which means it is encrypted. Double check promotional emails that advertise deals to make sure the sender’s email routes to the website of the company it is claiming to be (something like firstname.lastname@example.org rather than email@example.com or firstname.lastname@example.org, for example).
Nearly 30% of shopping is expected to be done on mobile devices this year, which aren’t as safe as once thought: in 2015 it was found that 85 applications had infected users with malware, according to RiskIQ. Nearly 1 million blacklisted apps used the name of one of the top five e-commerce brands in their app titles or descriptions to trick customers. Be sure to only download apps from the official Google GOOG, +0.99% or Apple AAPL, +1.42% app stores, and research them well before using them. Don’t rely on reviews alone, as they can be easily spoofed — your best bet is to download apps that are linked on the retailer’s official website if possible.
4. Don’t shop on public Wi-Fi
When making Cyber Monday purchases, be sure to shop on secure Wi-Fi at home, not a coffee shop, airport, or other public network. If you must shop while on the go, use a mobile device with a data plan or a personal hot spot created from your phone. Stand-alone mobile hot spots can also be purchased from phone providers like Verizon. Users shopping by laptop on public Wi-Fi can also implement a Virtual Private Network (VPN) like Private internet Access or Freedome to obscure and protect their web traffic and better ensure security.
5. Use two-step authentication
Nearly every email client now allows users to opt for two-step authentication, which works as a normal login with a username and password but requires a verification code sent through a separate device like a phone for access. This second layer of security is a great way to ensure the only person who signs into your account is you. In addition to setting up two-step authentication on email, Cyber Monday shoppers should check if the retailers they are purchasing from offer their own security measures. Vendors like Amazon and Etsy ETSY, +3.02% offer two factor authentication — check out TwoFactorAuth.org to see if the store you’re purchasing from does as well.