So you’re last-minute panic shopping. That’s okay, no judgment here.
But while you’re making hasty online purchases, consider your digital security so you don’t get more than you bargained for this holiday season.
Here’s what Tampa Bay cybersecurity experts recommend to keep you safe from scams and hackers looking for an easy target — even after the holidays wrap up.
Start with the basics
Before you start making any purchases, let’s warm up. Update your device’s operating system software to the most recent version to avoid falling victim to any known software issues that someone might take advantage of, said security firm A-LIGN’s Joseph Cortese. Next, update your web browser to avoid the same kind of issues there. And when you go to a website to make a purchase, check that the site’s address has “https” in front of it — the “s” indicates that your connection to the website is secure so someone spying on your web traffic can’t see information such as passwords or payment card information that you send.
“Everybody’s online more, so there’s an increased presence of threats that are out there,” Cortese said.
Need extra money? Don’t resend anything for someone you don’t know
Quick opportunities for extra cash can be enticing around the holidays, especially when all that’s required is putting a package in the mail in exchange for a check. Often, scammers will ask someone to resend a box to a foreign address or to buy and then ship gift cards in exchange for money, said Joe Partlow, chief technology officer at Tampa cybersecurity firm ReliaQuest.
“It’s a money laundering scam,” he said. “It’s stolen credit cards or stolen money, and when that gets reported, the bank’s going to pull that money back.”
Gift cards in particular make the scam difficult to trace back to an individual or group, leaving the victim on the hook for any money they spent. And any personal information you give out to “apply” for the job may be used to steal your identity.
Consider using a credit card
Once you’re ready to make your purchases, Partlow recommends using a credit card. If a criminal were to get a hold of your credit card information, your money typically is not on the line right away because you likely pay your credit card statements once a month. But with debit card information, thieves would be able to take out real money from your account immediately. And while the bank will likely return the money, it can sometimes take 30 to 45 days to do so.
“If you’re counting on that money for rent or critical monthly bills,” Partlow said, use a credit card to buy gifts. “If you get (stolen) money back it is not going to be in a timely manner.
That tracking text is fake
The closer it gets to your gift-giving day, the more likely you are to worry about a delayed shipment. Joseph Pilliod, CEO of cybersecurity compliance firm GarrisonPro, said his company is seeing an uptick in fake package delivery notifications.
A hacker will send a text or an email to someone saying they have an update on a package that person is expecting, often impersonating a specific service, such as Amazon or UPS. The notification instructs them to click on a link and sign in to see what the update is. That link, however, is fraudulent, and the hacker then steals the person’s login information for a site such as Amazon and tries to leverage it to steal financial information such as a credit card number.
“Take it as just that — a notification,” Pilliod said. “But don’t click the links.”
Instead, go to the delivery service’s official site to ensure you aren’t being tricked into giving out your information.
Don’t let your guard down for returns
Once the holidays have wrapped up, you’re still not out of the woods. Beware of scams that attempt to get you to click a link regarding a “return” that you made after the holidays, ReliaQuest’s Partlow said, particularly those that say you have a store credit or cash waiting for you.
“Any time people are distracted,” he said, such as around the holidays, “you’re going to let your guard down.”