As we turn to the internet to meet our basic needs (and our holiday wants), it’s important to keep your guard up and protect yourself from security threats online. Here are some pointers to keep you and your family safe online this holiday season and beyond.
Shop from a secure computer
Protecting yourself online from security threats starts at home – or at least at your home computer. If your computer or phone is compromised, then all of the information on it is vulnerable. That includes your passwords, information like your address and social security number, credit card details, and more.
To ensure you're protected from malware, viruses and keyloggers, a quick and simple download of Sophos Home will handle it all – including blocking compromised websites, providing privacy protection, and stopping unauthorised access to your webcam. Sophos Home offers the most comprehensive, effective protection on the cybersecurity market.
Likewise, you may want to avoid shopping on a public computer (like at a library or school), since you don’t know whether or not it’s protected, and whether the virus protections are up to date.
Malvertising—What it is and how to avoid it
“Malvertising” is a word for fake advertisements on legitimate websites. These ads can spread code that can harm your computer. You don’t have to go to a suspicious website in order to fall victim to malvertising. These malicious advertisements can show up anywhere. In 2016, a music streaming app was hit with a malvertising campaign. Search engines are not immune, either, and even the ads on search results have been manipulated into serving up malvertising.
These advertisements may look normal. They might promise great deals, PDF guides, or, ironically, even virus protection. But once you click them, they redirect you to sites that deliver harmful code to your computer. Without you realizing it, your computer could be compromised with viruses, or with spyware that tracks your movements or steals your private information.
To be safe, don’t click on banner ads, and be wary of any deals that seem too good to be true. For some malvertising attacks, you don’t even have to click on the ad to be at risk. Google is constantly trying to prevent this from happening. To be protected all of the time, you may want to install an ad-blocker, and you definitely want to install a reliable computer security program like Sophos Home.
Look out for scam emails
One of the biggest online security threats doesn’t happen on main shopping festivals itself, but the day after. That’s when scammers start sending out fake emails claiming to be from your favorite online retailers.
These emails may claim to be from e-commerce websites. They may offer impossibly good deals, or claim there’s a delay with your order, or even give you a fake tracking link that will take you to a virus-laden site instead of a legitimate package tracking page. Scammers don’t actually know if you’re waiting on a package. But they know if they send these emails out to enough people on the biggest shopping weekend of the year, they’ll reach people who are.
Sometimes you can identify these emails by spotting spelling mistakes, or by looking closely at the sender’s email address. But others can be very convincing. If you get an email claiming to be from a retailer and it seems even a little suspicious, don’t click any links and certainly don’t open any attachments, like .zip or .exe files. Instead, go directly to the store’s website and check your order status there.
Keep a close eye on your credit card and bank statements
Many people try to keep a close watch on their spending around the holidays, but you might want to watch your credit card and bank statements for another reason—to look out for fraud.
Luckily, most financial institutions let you check your account online whenever you want, without having to wait for a monthly statement. If you see any transactions that you don’t recognize, you can call your bank or credit card company to report it. Likewise, pay attention to any alerts from your bank about suspicious spending, especially this time of year. They may not always hit the mark, but it’s better to take a couple of seconds and double-check.
Unfortunately, credit card fraud is widespread. Banks are typically very responsive to reports of fraudulent transactions, so you’re likely to find yourself with a refund and a replacement card on the way in no time at all.
Use strong passwords and multi-factor authentication where you can
Strong passwords are an absolute necessity for online security. They’re especially important on sites that let you spend money. Some quick password guidelines:
- Use different passwords for every site. Reusing passwords means that a hacker who gets just one password can access anything you used that password for. Different passwords for each site can minimize the damage from a stolen password.
- Length matters. Many password attempts are brute-force attacks, where a program just guesses every possible password until they crack it. The longer your password is, the less likely these attacks are to work.
- Keep it secret. Other hacking attempts are social engineering attacks, where someone tries to learn information they can use to guess your password. (If you love posting pics of your dog Scruffy on social media, don’t use “Scruffy” in your password!) Don’t share your passwords (or anything that could hint at them) with anyone.
- Keep it safe. If you need to store your password somewhere, keep it on a piece of paper, hidden in your home. Keeping your passwords on a Google Drive document or an email leaves them vulnerable, but you can’t hack paper.
- Consider a password manager. These programs can keep your passwords under lock and key, leaving you with only one password to remember. (Make sure it’s a good one!) Of course, the password manager has to be from a company that you trust.
- Use multi-factor authentication when possible. Multi-factor authentication (MFA) verifies your identity through more than one channel. For example, when you log in with your password, you may also get a text to your phone with a one-time passcode to enter. This means someone would need your password and your phone to get into your account. It’s an important extra layer of security. (Note: you may also see this referred to as “two-factor authentication” as well.)
Only shop on secure websites
When you’re shopping online, only use websites that will keep your data secure from hackers. These encrypted websites will start with “https” instead of just “http”. Another sign: When you’re on these secure sites, the address bar of your browser should display a lock on the left-hand side. This means they’re using strong TLS/SSL (Transport Layer Security/Secure Sockets Layer) encryption to protect your information.
Using secure websites helps ensure that your payment information is kept safe when you submit it to the site. The good news is that most online shops these days are secure, but you should still always check.
For careful deal hunters, the holiday season can be a great time to upgrade your appliances or find holiday gifts for your loved ones. Just be thoughtful about when and where you click and make sure you’re protected with computer security that can detect viruses, block malicious websites, and more.