Over half of American consumers do their holiday shopping online, and this number has only increased since the pandemic. While it may be convenient, shopping online also increases your risk of identity theft, scams, and other cybersecurity risks. TenHats is a leading IT service provider in East Tennessee, managing cybersecurity for small businesses and large enterprises. While we protect data for organizations, many of the same principles apply to consumer spending.
Our holiday cybersecurity tips include:
- Protect your personal information
- Be careful what you click on
- Beware of suspicious emails
- Switch to a virtual credit card
- Double-check social media giveaways
Holiday Cybersecurity Tips for Online Shopping
1. Protect Your Personal Information
You can never be too careful when sharing your information online. While this may seem obvious, what isn’t so obvious is all the ways someone can access your information.
For example, you might be careful to not share your home address on social media, but then your photos are location-tagged with your city and local businesses you frequent. If you upload a family portrait taken in the front yard with your house number visible in the background, you’ve now shared most of the information someone would need to piece together your address.
In today’s world, it’s nearly impossible to be completely private online, so it’s also a good idea to build awareness of what information is already publicly available. For instance, all someone has to do is search for you on LinkedIn to discover your current company and alma mater. This information could then be used in a socially engineered phishing scam—you might get an email claiming it’s from your boss or the alumni relations coordinator at your university.
When you remember that anyone can find this information about you, it helps you maintain a healthy skepticism. That leads to the next point.
2. Be Careful What You Click On
Cybercriminals love to use malicious links that lead to fake websites. They accomplish this through carefully crafted social engineering that encourages you to click links that compromise your cybersecurity. These digital criminals can accomplish this by creating a sense of curiosity or preying on your fears. This allows them to steal login credentials as well as distribute malware (malicious software).
Malware comes in many forms, including:
- Viruses
- Ransomware
- Spyware
These and other types of cyberattacks can lead to significant damage to your personal and professional data. For instance, cybercriminals can use these vulnerabilities to gain unauthorized access to your system or execute malicious code. This can have devastating effects on your personal and professional finances along with your reputation.
Most small businesses aren’t ready for a cyberattack. Find out why.
3. Beware of Suspicious Emails
You can encounter malicious links in a number of ways, but email is one of the most popular ways to spread them. They make for a simple yet effective way for cybercriminals to steal your data.
The process usually goes like this:
- You receive an email with an appealing attachment or link. Maybe it says “track your package,” which makes sense because you’ve recently done holiday shopping.
- When clicked on, you’re directed to a seemingly legitimate and trusted website, but you have to log in.
- You’re asked to share your account information, including your password.
If you do this, you may have just given your login credentials to a cybercriminal. Some viruses go to work as soon as you click the link and download the attachment.
To avoid being scammed, make sure to always call whoever seemingly sent the email in the first place. This could be your boss, bank, or other source that you would usually trust. If you do need to track a package, navigate directly to the USPS or UPS website and enter the tracking number.
4. Switch to a Virtual Credit Card
Virtual credit cards offer enhanced cybersecurity because they are temporary and have limited use. They’re generated for a single transaction or a short duration, with unique numbers that aren’t tied to the physical card. Even if a cybercriminal accesses their virtual card details, they are useless beyond the designated transaction, providing a crucial defense against unauthorized use.
Current virtual credit cards include the:
- Capital One Eno
- Bank of America ShopSafe
- Citizens Bank Virtual Card
- Revolut Disposable Virtual Card
- PayPal Key
Additionally, virtual cards can be configured with specific spending limits and expiration dates, adding further protection. This prevents potential attackers from making large or recurring transactions even if they manage to obtain the card information.
Moreover, virtual cards are immune to common threats like card skimming or physical theft since they’re not physically present. They also eliminate the need to share primary card information online, reducing the risk of data breaches or interception during online purchases. You can get one through your bank or credit card company, online platforms, and third-party providers.
5. Double-Check Social Media Giveaways
Social media giveaways are a popular way for brands, online creators, and celebrities to gin up interest and increase engagement. Unfortunately, they’re also a great way for scammers to take advantage of shoppers during the holidays. Knowing how to spot these scams will help protect your data, finances, and reputation.
The first thing to do is consider if you’re familiar with the particular creator or business. There’s a huge difference between an influencer or brand you’ve followed or known about for years versus some random account on X (Twitter) or TikTok. For example, if an account created a month ago is advertising a giveaway, that’s suspicious.
Secondly, are they asking for reasonable information to enter the contest? Reasonable requests include:
- Liking a post
- Sharing a post
- Tagging a friend
However, asking for your financial information, personal information, or other data is a major red flag.
Common Holiday Online Shopping Scams
Fraud
Cybercriminals employ various tactics to deceive individuals or organizations, aiming to steal sensitive information like credit card details or login credentials. This information can be used for unauthorized transactions or identity theft, compromising your financial security. At TenHats, we help prevent fraud attempts before they have an opportunity to reach your system.
Learn which industries are most vulnerable to cybercrime.
Imposters
Impersonation schemes involve attackers masquerading as reputable entities, like:
- Employers
- Banks
- Government agencies
They use social engineering to coerce victims into providing confidential data or performing actions that compromise their security. This can lead to financial loss or identity theft.
Phishing
This scam involves sending seemingly legitimate emails or messages that prompt recipients to divulge personal information or click on malicious links. By mimicking trusted sources, cybercriminals trick users into revealing passwords or installing malware. This grants them unauthorized access to accounts or systems. Our team works to block these attempts with different authentication points to prevent them from doing any harm.
Learn how to detect phishing emails with these 6 red flags.
Brushing
In this scam, fake reviews or purchases are fabricated to boost a seller’s online reputation. Although it may not seem directly related to cybersecurity, it’s indicative of fraudulent activities within e-commerce platforms. It can potentially expose buyers to counterfeit products or scams.
Fake Crypto Exchanges/Investments
Malicious actors create bogus platforms that mimic legitimate cryptocurrency exchanges or investment opportunities. Unsuspecting victims may deposit funds, only to have them stolen or lost. These scams erode trust in legitimate crypto markets and jeopardize financial assets.
Businesses—Don’t Make Yourself a Target
Educate your customers and employees through clear communication channels, such as:
- Websites
- Emails
- Social media
Use these channels to outline official communication methods and warning signs of scams. For example, banks can email reminders to their clients that they will never ask for account numbers over the phone.
Regularly update your customers on common scams and provide examples of legitimate communication. This can include resources like guides or videos on spotting impersonation. Implementing multi-factor authentication and having customers verify their information before sensitive transactions is another critical step toward protecting yourself and your customers.
Encourage your customers to promptly report suspicious activity. This helps foster a culture of trust and transparency, reassuring customers that their safety is a top priority. It also helps large and small businesses alike shore up their cybersecurity.
Your organization should also consider partnering with cybersecurity organizations like TenHats for additional resources and expertise. We can help you secure your customers’ data as well as vet third-party software.
Are you concerned about your organization’s cybersecurity? Take our cybersecurity self-assessment quiz today to see how you score!
For secure online holiday shopping, safeguard your personal information, beware of deceptive links, be cautious of suspicious emails, and verify with trusted sources before taking action. Businesses should educate customers about scams through various channels, promote multi-factor authentication, and encourage reporting of suspicious activity. Partnering with cybersecurity experts like TenHats can provide additional protection and resources.
In 2016, TenHats built the region’s first purpose-built colocation data center in over 20 years. Located in Knoxville, TN, our data center can serve any organization in East Tennessee and beyond. With our team’s IT experience, we provide a lot more than simply protected data. When you call us, you talk to a real IT expert. Connect with our team about our data center today!
