How to keep your information secure during the holiday shopping season
Article adapted from UC Santa Cruz
Online holiday shopping continues to grow in popularity. Last year’s Cyber Monday sales reached approximately $3 billion, with transactions via mobile devices accounting for approximately 27 percent of that figure.
At the same time, criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal passwords, and trick you into revealing valuable personal and financial information that will cost you money.
Fortunately, many cyber-threats are avoidable. Keep these six tips in mind to help protect yourself from identity theft and other malicious activity while shopping and browsing online during the holiday season and throughout the year:
- If an offer seems too good to be true, it probably is. Don’t be fooled by the lure of great discounts.
- Watch out for fake package tracking emails and fake e-cards. These often come with malicious links or attachments designed to infect your device or steal your account information.
- Always think twice before clicking on links or opening attachments. Be cautious about all messages you receive, even those that appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank. The messages could be spoofed and be malicious. Use known, trusted URLs instead of clicking on links.
- Never reveal your password.
- Never give your financial or personal information via email or text.
- Limit your online shopping to merchants you know and trust. Go to sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
In addition to those key tips, here are ways to protect yourself online:
- Pay by credit card, not debit card. Credit cards offer protections that may reduce your liability if your information is used improperly. Debit cards typically do not have the same level of protection. Check your statements regularly for signs of fraudulent activity.
- Look for “https” before logging in or entering any information online. Make sure web page addresses (URLs) begin with https, not http. The “s” stands for “secure” and indicates that communication with the webpage is encrypted.
- Make sure your browser is current and up-to-date.
- Only use apps from known, reputable sources. Malicious software (“malware”) designed to steal credit card and other sensitive information can be downloaded onto mobile devices from seemingly legitimate shopping apps. Update your apps when notified. Also disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data being intercepted by thieves.
- Don’t respond to pop-ups. If a window pops up promising you cash, bargains or gift cards in exchange for answering a survey or other questions, close it. Don’t respond. Similarly, don’t respond to pop-ups that say you need to buy anti-virus software or software to “clean your infected computer.” These are all scams.
- Keep your devices up-to-date and virus-free. Be sure your computer and mobile devices are current with all operating system and application updates. Anti-virus/anti-malware software should be installed, running and receiving automatic updates.
- Don’t auto-save your personal information or passwords. When purchasing online, you may be given the option to save your personal information or password online for future use. Consider if the convenience is really worth the risk. The convenience of not having to re-enter the information is insignificant compared to the amount of time you would spend trying to repair the loss of your stolen personal information or passwords.
- Don’t use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your information and passwords. Additionally, criminals may intercept traffic on public wireless networks to steal credit card numbers and other sensitive information. Set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure hot spot.
- Secure your home’s wi-fi. To prevent eavesdroppers and data thieves, enable strong encryption on your home wireless network — WPA2 is recommended. Make sure you control who has administrative access to your home network and require all users to sign in with a strong password before connecting.
- Be alert for charity donation scams. Cyber-criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests as a means to gain access to your information or computer/device. Don’t click on links in emails requesting donations. Contribute by navigating to the trusted address of the charity.
- Secure your computer and mobile devices with a complex password. Don’t use the password for any other accounts. Set a timeout that locks your device after a period of inactivity, and be sure your devices require a password to start up or resume activity.
- Don’t post pictures of tickets to concerts or sporting events on social media sites. Protect the barcodes on tickets as you would your credit card number. Fraudsters create tickets using barcodes they find on social media sites and re-sell the tickets.
- Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.
Have questions about cybersecurity? Contact our UCOP IT Service Desk in one of the following ways:
Online: https://ucop.service-now.com/
Phone: 510-987-0457
Email: ServiceDesk@ucop.edu
In person/walk-in: Franklin 7116