The holiday season is upon us, which means many of us will be extra-busy through the end of the year. Cooking, decorating, visiting, gift-giving … it's easy to get caught up in the trappings of the season. Holidays are a favorite time for scammers to go after individuals and companies because they have a better chance of a successful attack. In this post, we'll review how individual consumers can better protect themselves against the most common attacks.
You're probably being inundated with reminders about secure online shopping, but we'd be remiss to not mention it here. Here are a few things you can do to protect yourself while you're working through those wish-lists:
Don't use public Wi-Fi. Data over insecure public connections can be breached in a variety of ways. Use a secure connection only and make sure that you only shop from devices that have security software installed.
Shop only legitimate and secure sites. Type in the URL of the site, rather than follow links from email, social media, text messages, or other sites. Make sure the connection is encrypted by checking for the “https” at the beginning of the site's address.
Use a secure password and multi-factor authentication. If you keep online accounts with your favorite websites, you should make them as secure as possible. This article on password security explains how to create and manage unique secure passwords for each of your accounts.
There's no denying that holiday travel can be risky for individual and organizational security. If your travel plans include airports, hotels, travel centers, etc., there are a few things you should keep in mind:
Maintain physical control of your device. Don't leave your smartphone, tablet, or laptop unattended, even for a short time. USB and other external storage devices are attractive to thieves as well, so take care not to lose track of them.
Disable Wi-Fi auto-connect and Bluetooth connectivity. This prevents your device from automatically connecting to a wireless network without your knowledge and stops nearby attackers from compromising your device through a Bluetooth connection.
Lockdown your devices and the data. Make sure you have your devices locked with a PIN, fingerprint, or whatever security control you have available on the device, and encrypt the files on your device if possible. In the event that your device is stolen, this will give your data an extra layer of protection.
Some attacks are designed to work better during certain times. These are a few that always work better during the end-of-year holiday season:
Phishing and other email-borne attacks. “Shipment is delayed” and “Credit card suspended” are common subjects for this kind of scam. The attacker is hoping you think that this is a legitimate email and urgently click on the link, which will take you to their website where they will steal your credentials and perhaps install malware on your device. Even if the email looks legitimate, you should ever click on these links. Type the URL into the browser to make sure that you are visiting the real site, or call the company
Fake mobile apps. This scam entices you to download and make purchases through a mobile app in exchange for promises of cashback or additional discounts. These apps will either steal your money or your information. Check out the user reviews for mobile apps and research the app or developer online before you download an unknown shopping app. Better yet, just shop through the retailer's verified site.
Fake charities. Attackers know that charitable giving increases over the holidays, and they're eager to take advantage of this. These attackers could be out to get your money, your personal information, or both. Organizations like Charity Navigator can confirm the legitimacy of the charity in question. Don't let anyone rush you into an unsolicited donation, and never use cash or gift cards to donate. There's more information on this topic here.
Hackers and other criminals are no reason to avoid enjoying all that the holiday season has to offer. Just be mindful that they're out there and take a few extra steps to remain secure.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.